Unrated severityNVD Advisory· Published Oct 9, 2020· Updated Aug 4, 2024

CVE-2020-26903

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

NETGEAR WiFi systems firmware before specific versions disclose admin credentials, allowing attackers to gain administrative access.

Vulnerability

The vulnerability is an administrative credential disclosure affecting multiple NETGEAR WiFi system models. The following models and firmware versions are impacted: CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11 [1].

Exploitation

An attacker on the same local network can exploit this vulnerability to obtain administrative credentials without authentication. The advisory does not provide specific exploitation steps, but it indicates that the disclosure occurs under certain conditions [1].

Impact

Successful exploitation allows an attacker to gain administrative credentials, leading to full control of the affected device. This can result in unauthorized access to configuration settings, network traffic interception, and potential compromise of other connected devices, impacting confidentiality and integrity [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected models: CBR40 firmware version 2.5.0.10, RBK752/RBR750/RBS750 firmware version 3.2.15.25, and RBK852/RBR850/RBS850 firmware version 3.2.10.11. Users should update to these versions immediately. No workarounds are provided [1].

References

Security Advisory for Admin Credential Disclosure on Some WiFi Systems, PSV-2020-0043

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/NETGEAR devicesdescription
Netgear/CBR40llm-fuzzy
Range: <2.5.0.10
Netgear/RBK752llm-fuzzy
Range: <3.2.15.25
Netgear/RBK852llm-fuzzy
Range: <3.2.10.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000