CVE-2020-26906
Description
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR WiFi systems (CBR40, Orbi WiFi 6 models) expose admin credentials to unauthenticated adjacent attackers until they are updated to the fixed firmware versions.
Vulnerability
An administrative credential disclosure vulnerability exists on several NETGEAR WiFi system models. The issue affects the following products running firmware versions prior to the listed fixed releases: CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11 [1]. The vulnerability leads to disclosure of administrative credentials to an attacker without prior authentication or any special privileges.
Exploitation
An attacker who is on the same network (adjacent) can exploit this vulnerability to obtain the administrative credentials for the affected device. No authentication or user interaction is required, as the attacker can trigger the disclosure from an unauthenticated position on the local network segment [1].
Impact
Successful exploitation results in the disclosure of the device's administrative credentials (username and password). An attacker obtaining these credentials gains full administrative control over the affected NETGEAR device, allowing them to change configuration, monitor traffic, install malicious firmware, or pivot to other devices on the network. This constitutes a complete loss of confidentiality for administrative secrets, with subsequent risk of compromise to device integrity and availability.
Mitigation
NETGEAR has released firmware updates that fix this vulnerability. Users should update to the following versions or later: CBR40 to 2.5.0.10, RBK752/RBR750/RBS750 to 3.2.15.25, RBK852/RBR850/RBS850 to 3.2.10.11 [1]. No workarounds are provided; installing the latest firmware from the NETGEAR Support site is the recommended action [1].
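To apply the version thresholds above across a device inventory, the following added example (not NETGEAR's code and not part of the original advisory) compares each device's firmware against the first fixed release for its model. The inventory rows are constructed samples, and the `V` prefix and `_suffix` handling are assumptions about how firmware strings appear in an asset list.

```python
import re

# First fixed firmware release per model, taken from the advisory text.
FIXED = {
    "CBR40": "2.5.0.10",
    "RBK752": "3.2.15.25", "RBR750": "3.2.15.25", "RBS750": "3.2.15.25",
    "RBK852": "3.2.10.11", "RBR850": "3.2.10.11", "RBS850": "3.2.10.11",
}

def parse_version(text):
    """'V3.2.15.25' or '3.2.15.25_1.4.2' -> (3, 2, 15, 25); None if no leading version."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def status(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown-version'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"          # model is not named in this CVE
    have = parse_version(firmware)
    if have is None:
        return "unknown-version"     # needs manual review, do not assume fixed
    want = parse_version(fixed)
    # Pad to equal length so '3.2.10' is compared as 3.2.10.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    # Integer tuples compare numerically: 3.2.9.2 < 3.2.10.11,
    # which a plain string comparison would get wrong.
    return "vulnerable" if have < want else "fixed"

def needs_attention(inventory):
    """Hosts that are vulnerable or whose firmware string could not be parsed."""
    return [host for host, model, fw in inventory
            if status(model, fw) in ("vulnerable", "unknown-version")]

# Constructed sample inventory: (host label, model, reported firmware).
SAMPLE = [
    ("office-router", "RBR850", "V3.2.9.2"),
    ("lobby-sat", "RBS750", "3.2.15.25"),
    ("cable-gw", "CBR40", "V2.5.0.4_1.0.1"),
    ("lab-sat", "RBS850", "unknown"),
]

if __name__ == "__main__":
    for host, model, fw in SAMPLE:
        print(f"{host:15} {model:7} {fw:18} {status(model, fw)}")
```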
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- NETGEAR/NETGEAR devices (description)
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.