VYPR
Unrated severity · NVD Advisory · Published Oct 9, 2020 · Updated Aug 4, 2024

CVE-2020-26904

Description

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Certain NETGEAR WiFi systems expose administrative credentials to adjacent attackers, affecting multiple models before specific firmware versions.

Vulnerability

An administrative credential disclosure vulnerability exists in several NETGEAR WiFi system models. Affected devices are CBR40 before firmware 2.5.0.10; RBK752, RBR750, and RBS750 before 3.2.15.25; and RBK852, RBR850, and RBS850 before 3.2.10.11. The vulnerability allows an attacker to obtain admin credentials without proper authentication [1].

Exploitation

An attacker can exploit this vulnerability from an adjacent network (LAN-side) by sending specially crafted requests to the device's management interface. No prior authentication or user interaction is required. The exact attack vector is not detailed but likely involves accessing a management endpoint that exposes credentials [1].

Impact

Successful exploitation enables an attacker to retrieve administrative credentials, leading to full compromise of the affected device. The attacker gains complete control over the WiFi system, including the ability to modify settings, monitor traffic, and potentially pivot to other devices on the network [1].

Mitigation

NETGEAR has released fixed firmware versions for all affected products: firmware 2.5.0.10 for CBR40; firmware 3.2.15.25 for RBK752, RBR750, and RBS750; and firmware 3.2.10.11 for RBK852, RBR850, and RBS850. Users should upgrade to the latest firmware immediately via the NETGEAR Support website [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
