Unrated severity · NVD Advisory · Published Oct 9, 2020 · Updated Aug 4, 2024

CVE-2020-26900

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR WiFi systems disclose administrative credentials to unauthenticated attackers on the local network; the fix is a firmware update.

Vulnerability

An administrative credential disclosure vulnerability exists in multiple NETGEAR WiFi system models. Affected devices include the CBR40 (firmware before 2.5.0.10), RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 (all before 3.2.15.25) [1]. The vulnerability allows the administrative credentials to be disclosed to an unauthenticated attacker on the local network.

Exploitation

An attacker must be on the local network (adjacent) to exploit this vulnerability [1]. No authentication or user interaction is required. The attacker can obtain the administrative credentials by sending crafted requests to the affected device.

Impact

Successful exploitation results in disclosure of the administrative credentials, granting the attacker full administrative access to the device. This can lead to complete compromise of the device, including the ability to change configuration, monitor traffic, and potentially pivot to other devices on the network.

Mitigation

NETGEAR has released fixed firmware versions: CBR40 users should upgrade to 2.5.0.10 or later, and all other affected models (RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) should upgrade to 3.2.15.25 or later [1]. Users should download the latest firmware from NETGEAR Support and install it as soon as possible.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8

References

1