VYPR
Unrated severity · NVD Advisory · Published Oct 9, 2020 · Updated Aug 4, 2024

CVE-2020-26926

Description

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authentication bypass in multiple NETGEAR WiFi systems allows unauthenticated attackers on the local network to gain administrative access.

Vulnerability

An authentication bypass vulnerability affects several NETGEAR WiFi system products. The affected models and their vulnerable firmware versions are: CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11 [1]. The vulnerability exists in the authentication mechanism and can be triggered without any special configuration beyond having the device on the local network.

Exploitation

An attacker with network access to the affected device can exploit this authentication bypass without credentials or user interaction. The CVSS vector (AV:A/AC:L/PR:N/UI:N) indicates that the attack is launched from the adjacent network, has low complexity, requires no privileges, and needs no user interaction [1]. The available reference describes no specific sequence of steps beyond gaining network proximity and sending crafted requests.

Impact

Successful exploitation allows an unauthenticated attacker to bypass authentication controls [1]. This leads to full administrative compromise of the device, enabling the attacker to read, modify, or disrupt device operation and potentially pivot to other hosts on the network. The CVSS score of 9.6 (Critical) reflects a high severity of impact [1].

Mitigation

NETGEAR has released fixed firmware versions: CBR40 (2.5.0.10), RBK752/RBR750/RBS750 (3.2.15.25), and RBK852/RBR850/RBS850 (3.2.10.11) [1]. Users should download and install the latest firmware for their specific model from NETGEAR Support immediately to mitigate the vulnerability. No workaround is provided in the advisory.
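To apply the fixed-version list above to a device inventory, the following added example (not NETGEAR's or this site's code) compares reported firmware strings numerically against the fixed releases. The inventory rows are constructed, and the handling of a leading `V` and a `_` suffix in firmware strings is an assumption about how versions are reported.

```python
import re

# Fixed firmware versions, taken from the advisory text above.
FIXED = {
    "CBR40": "2.5.0.10",
    "RBK752": "3.2.15.25", "RBR750": "3.2.15.25", "RBS750": "3.2.15.25",
    "RBK852": "3.2.10.11", "RBR850": "3.2.10.11", "RBS850": "3.2.10.11",
}

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparseable.

    Assumption: an optional leading 'V' and anything after '_' (a regional
    or build suffix) are ignored.
    """
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)(?:_.*)?", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def pad(version, length):
    """Right-pad with zeros so 3.2 and 3.2.0.0 compare as equal."""
    return version + (0,) * (length - len(version))

def classify(model, firmware):
    """Return 'vulnerable', 'fixed', 'not-listed' or 'unknown-version'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"          # model is not named in this advisory
    have, need = parse_version(firmware), parse_version(fixed)
    if have is None:
        return "unknown-version"     # needs manual review, do not assume safe
    n = max(len(have), len(need))
    # Integer comparison per component: 3.2.15.9 is older than 3.2.15.25,
    # which a plain string comparison would get wrong.
    return "vulnerable" if pad(have, n) < pad(need, n) else "fixed"

# Constructed inventory rows (model, reported firmware); not real devices.
INVENTORY = [
    ("RBR750", "V3.2.15.9"),
    ("rbs850", "3.2.10.11"),
    ("CBR40", "V2.5.0.4_1.0.1"),
    ("RBK852", "unknown"),
    ("R7000", "1.0.11.100"),
]

def triage(rows):
    """Classify every inventory row, keeping the original strings."""
    return [(model, fw, classify(model, fw)) for model, fw in rows]

if __name__ == "__main__":
    for model, fw, status in triage(INVENTORY):
        print(f"{model:8} {fw:18} {status}")
```

Rows classified as `unknown-version` should be checked by hand rather than treated as patched.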

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

1
