CVE-2020-26927

09.10.2020, 07:15

Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.4 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
mitre	CNA	9.4 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:L/PR:N/S:U/UI:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
netgear	ac2100_firmware	𝑥 < 1.2.0.62
netgear	ac2400_firmware	𝑥 < 1.2.0.62
netgear	ac2600_firmware	𝑥 < 1.2.0.62
netgear	d6200_firmware	𝑥 < 1.1.00.40
netgear	d7000_firmware	𝑥 < 1.0.1.78
netgear	jr6150_firmware	𝑥 < 1.0.1.26
netgear	r6020_firmware	𝑥 < 1.0.0.42
netgear	r6050_firmware	𝑥 < 1.0.1.26
netgear	r6080_firmware	𝑥 < 1.0.0.42
netgear	r6120_firmware	𝑥 < 1.0.0.66
netgear	r6220_firmware	𝑥 < 1.1.0.100
netgear	r6260_firmware	𝑥 < 1.1.0.66
netgear	r6700_firmware	𝑥 < 1.2.0.62
netgear	r6800_firmware	𝑥 < 1.2.0.62
netgear	r6900_firmware	𝑥 < 1.2.0.62
netgear	r7450_firmware	𝑥 < 1.2.0.62
netgear	wnr2020_firmware	𝑥 < 1.1.0.62

𝑥

= Vulnerable software versions

References

https://kb.netgear.com/000062325/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0109