CVE-2020-26905
Description
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR WiFi systems expose administrative credentials, allowing an adjacent attacker to gain full device access.
Vulnerability
Affected NETGEAR WiFi system models (CBR40, RBK752, RBR750, RBS750, RBK852, RBR850, RBS850) running firmware versions prior to the fixed releases (2.5.0.10 for CBR40, 3.2.15.25 for RBK752/RBR750/RBS750, and 3.2.10.11 for RBK852/RBR850/RBS850) are vulnerable to disclosure of administrative credentials [1]. The precise code path and condition required are not detailed in the available references.
Exploitation
An attacker who is on the same local network as the affected device (adjacent network position) can exploit the vulnerability without authentication. The available references do not provide a concrete sequence of steps, but the flaw allows retrieval of the device's administrative credentials [1].
Impact
Successful exploitation results in disclosure of the device's administrative credentials, leading to a complete compromise of confidentiality, integrity, and availability. The attacker gains full administrative control over the affected device [1].
Mitigation
NETGEAR has released fixed firmware versions: 2.5.0.10 for CBR40, 3.2.15.25 for RBK752/RBR750/RBS750, and 3.2.10.11 for RBK852/RBR850/RBS850 [1]. Users are strongly advised to update their devices to the latest firmware immediately. No workarounds for unpatched devices are provided in the references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/NETGEAR devices (description)
Patches (0)
No patches discovered yet.
References (1)