CVE-2020-11549

 

Severity Score: 8.8 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 3 (Multiple Sources)
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.

*Credits: N/A
CVSS Scores
  • Attack Vector: Adjacent; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • Attack Vector: Adjacent; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Changed; Confidentiality: High; Integrity: High; Availability: High
  • Attack Vector: Adjacent; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Changed; Confidentiality: High; Integrity: High; Availability: High
  • Attack Vector: Adjacent; Attack Complexity: Low; Authentication: None; Confidentiality: Complete; Integrity: Complete; Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-04-05 CVE Reserved
  • 2020-05-18 CVE Published
  • 2024-06-27 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-798: Use of Hard-coded Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Netgear | Rbs50y Firmware | 2.5.1.106 | - | Affected
  in Netgear | Rbs50y | - | - | Safe
Netgear | Srr60 Firmware | 2.5.1.106 | - | Affected
  in Netgear | Srr60 | - | - | Safe
Netgear | Srs60 Firmware | 2.5.1.106 | - | Affected
  in Netgear | Srs60 | - | - | Safe