Sign-up

ID

VAR-202010-0565


CVE

CVE-2020-26899


TITLE

plural  NETGEAR  Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012224

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11

Trust: 1.62

sources: NVD: CVE-2020-26899 // JVNDB: JVNDB-2020-012224

AFFECTED PRODUCTS

vendor:netgearmodel:rbk852scope:ltversion:3.2.10.11

Trust: 1.0

vendor:netgearmodel:rbr750scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:cbr40scope:ltversion:2.5.0.10

Trust: 1.0

vendor:netgearmodel:rbk752scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbs850scope:ltversion:3.2.10.11

Trust: 1.0

vendor:netgearmodel:rbs750scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbr850scope:ltversion:3.2.10.11

Trust: 1.0

vendor:ネットギアmodel:cbr40scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk752scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk852scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr850scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs850scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012224 // NVD: CVE-2020-26899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26899
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2020-26899
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-26899
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-329
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-26899
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26899
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-26899
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-26899
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012224 // CNNVD: CNNVD-202010-329 // NVD: CVE-2020-26899 // NVD: CVE-2020-26899

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012224 // NVD: CVE-2020-26899

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-329

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202010-329

PATCH

title:Security Advisory for Sensitive Information Disclosure on Some WiFi Systems, PSV-2020-0030url:https://kb.netgear.com/000062355/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0030

Trust: 0.8

title:Multiple NETGEAR Repair measures for device information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131118

Trust: 0.6

sources: JVNDB: JVNDB-2020-012224 // CNNVD: CNNVD-202010-329

EXTERNAL IDS

db:NVDid:CVE-2020-26899

Trust: 2.4

db:JVNDBid:JVNDB-2020-012224

Trust: 0.8

db:CNNVDid:CNNVD-202010-329

Trust: 0.6

sources: JVNDB: JVNDB-2020-012224 // CNNVD: CNNVD-202010-329 // NVD: CVE-2020-26899

REFERENCES

url:https://kb.netgear.com/000062355/security-advisory-for-sensitive-information-disclosure-on-some-wifi-systems-psv-2020-0030

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-26899

Trust: 1.4

sources: JVNDB: JVNDB-2020-012224 // CNNVD: CNNVD-202010-329 // NVD: CVE-2020-26899

SOURCES

db:JVNDBid:JVNDB-2020-012224
db:CNNVDid:CNNVD-202010-329
db:NVDid:CVE-2020-26899

LAST UPDATE DATE

2024-11-23T23:01:13.635000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-012224date:2021-04-27T05:46:00
db:CNNVDid:CNNVD-202010-329date:2020-10-21T00:00:00
db:NVDid:CVE-2020-26899date:2024-11-21T05:20:26.647

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-012224date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202010-329date:2020-10-09T00:00:00
db:NVDid:CVE-2020-26899date:2020-10-09T07:15:13.870