CVE-2020-26898
Description
NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A security misconfiguration in NETGEAR RAX40 routers before firmware 1.0.3.80 could allow an adjacent attacker to compromise the device.
Vulnerability
A security misconfiguration vulnerability exists in NETGEAR RAX40 routers running firmware versions prior to 1.0.3.80 [1]. The issue stems from incorrect configuration of security settings, which affects the device's default security posture. No specific configuration or user action is required for the code path to be reachable aside from having an affected firmware version installed.
Exploitation
An attacker with adjacent network access (logical proximity to the device, such as within wireless range) can exploit this misconfiguration without requiring authentication or user interaction [1]. The CVSS vector AV:A/AC:L/PR:N/UI:N/S:C indicates low attack complexity and no privileges required, with a scope change. The exact exploitation steps are not publicly detailed but involve leveraging the misconfigured settings to compromise the device.
Impact
Successful exploitation leads to high impact on confidentiality and integrity, with a low impact on availability, as shown by the CVSS score of 9.6 (Critical) [1]. This indicates an attacker can potentially disclose sensitive information and modify device state, possibly affecting other systems due to the scope change (S:C). The attacker may achieve full compromise of the router's configuration or network access.
Mitigation
NETGEAR released firmware version 1.0.3.80 to fix this vulnerability [1]. Users should download and install the latest firmware from NETGEAR Support as soon as possible. There is no known workaround, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- NETGEAR/RAX40
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.