Unrated severityNVD Advisory· Published Oct 9, 2020· Updated Aug 4, 2024

CVE-2020-26928

Description

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authentication bypass in multiple NETGEAR WiFi systems allows unauthenticated adjacent attackers to gain unauthorized access.

Vulnerability

An authentication bypass vulnerability exists in multiple NETGEAR WiFi system models, including CBR40, RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850. Affected versions are firmware prior to 2.5.0.10 for CBR40, prior to 3.2.15.25 for RBK752/RBR750/RBS750, and prior to 3.2.10.11 for RBK852/RBR850/RBS850 [1]. The vulnerability allows an attacker to bypass authentication mechanisms without requiring any credentials.

Exploitation

An unauthenticated attacker on the same local network (adjacent) can exploit this vulnerability by sending specially crafted packets to the affected device. No user interaction or prior authentication is required. The CVSS vector confirms the attack complexity is low and no privileges are needed [1].

Impact

Successful exploitation results in full authentication bypass, which could allow the attacker to gain administrative access to the device. This can lead to complete compromise of confidentiality, integrity, and availability of the affected WiFi system [1].

Mitigation

NETGEAR has released fixed firmware versions: 2.5.0.10 for CBR40, 3.2.15.25 for RBK752/RBR750/RBS750, and 3.2.10.11 for RBK852/RBR850/RBS850 [1]. Users are strongly advised to download and install the latest firmware from NETGEAR Support [1]. No workarounds are documented in the available references.

References

Security Advisory for Authentication Bypass on Some WiFi Systems, PSV-2020-0027

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

NETGEAR/devicesdescription
Netgear/CBR40llm-fuzzy
Range: before 2.5.0.10
Netgear/RBK752llm-fuzzy
Range: before 3.2.15.25
Netgear/RBR750llm-fuzzy
Range: before 3.2.15.25

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.netgear.com/000062324/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0027mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000