Details of VAR-202006-0586

ID

VAR-202006-0586

CVE

CVE-2020-14428

TITLE

plural NETGEAR Inadequate protection of credentials on devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-006749

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. plural NETGEAR Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR RBK752, etc. are all home WiFi systems of NETGEAR. There are security vulnerabilities in many NETGEAR products. Attackers can use this vulnerability to obtain management credentials

Trust: 2.16

sources: NVD: CVE-2020-14428 // JVNDB: JVNDB-2020-006749 // CNVD: CNVD-2021-62723

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-62723

AFFECTED PRODUCTS

vendor:	netgear	model:	rbk752	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs750	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk753s	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk842	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs840	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk852	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk853	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbr850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbs850	scope:	lt	version:	3.2.15.25	Trust: 1.6
vendor:	netgear	model:	rbk752	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk753s	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk842	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk852	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbk853	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr840	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbr850	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs750	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs840	scope:	eq	version:	3.2.15.25	Trust: 0.8
vendor:	netgear	model:	rbs850	scope:	eq	version:	3.2.15.25	Trust: 0.8

sources: CNVD: CNVD-2021-62723 // JVNDB: JVNDB-2020-006749 // NVD: CVE-2020-14428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-14428
value:	HIGH
Trust: 1.0
cve@mitre.org:	CVE-2020-14428
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-006749
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-62723
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202006-1241
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-14428
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006749
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2021-62723
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-14428
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
cve@mitre.org:	CVE-2020-14428
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-006749
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-62723 // JVNDB: JVNDB-2020-006749 // CNNVD: CNNVD-202006-1241 // NVD: CVE-2020-14428 // NVD: CVE-2020-14428

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-522	Trust: 0.8

sources: JVNDB: JVNDB-2020-006749 // NVD: CVE-2020-14428

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1241

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1241

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006749

PATCH

title:	Security Advisory for Admin Credential Disclosure on Some WiFi Systems, PSV-2020-0044	url:	https://kb.netgear.com/000061936/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0044	Trust: 0.8
title:	Patch for Information Disclosure Vulnerabilities in Multiple NETGEAR Products (CNVD-2021-62723)	url:	https://www.cnvd.org.cn/patchInfo/show/275116	Trust: 0.6
title:	Multiple NETGEAR Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121990	Trust: 0.6

sources: CNVD: CNVD-2021-62723 // JVNDB: JVNDB-2020-006749 // CNNVD: CNNVD-202006-1241

EXTERNAL IDS

db:	NVD	id:	CVE-2020-14428	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006749	Trust: 0.8
db:	CNVD	id:	CNVD-2021-62723	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1241	Trust: 0.6

sources: CNVD: CNVD-2021-62723 // JVNDB: JVNDB-2020-006749 // CNNVD: CNNVD-202006-1241 // NVD: CVE-2020-14428

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-14428	Trust: 2.0
url:	https://kb.netgear.com/000061936/security-advisory-for-admin-credential-disclosure-on-some-wifi-systems-psv-2020-0044	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14428	Trust: 0.8

sources: CNVD: CNVD-2021-62723 // JVNDB: JVNDB-2020-006749 // CNNVD: CNNVD-202006-1241 // NVD: CVE-2020-14428

SOURCES

db:	CNVD	id:	CNVD-2021-62723
db:	JVNDB	id:	JVNDB-2020-006749
db:	CNNVD	id:	CNNVD-202006-1241
db:	NVD	id:	CVE-2020-14428

LAST UPDATE DATE

2024-11-23T21:35:44.493000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-62723	date:	2021-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-006749	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1241	date:	2020-06-22T00:00:00
db:	NVD	id:	CVE-2020-14428	date:	2024-11-21T05:03:14.810

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-62723	date:	2020-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-006749	date:	2020-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202006-1241	date:	2020-06-18T00:00:00
db:	NVD	id:	CVE-2020-14428	date:	2020-06-18T17:15:12