Sign-up

ID

VAR-202010-0567


CVE

CVE-2020-26901


TITLE

plural  NETGEAR  Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-012227

DESCRIPTION

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25

Trust: 1.62

sources: NVD: CVE-2020-26901 // JVNDB: JVNDB-2020-012227

AFFECTED PRODUCTS

vendor:netgearmodel:rbr750scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbs850scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbr850scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbk752scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbs750scope:ltversion:3.2.15.25

Trust: 1.0

vendor:netgearmodel:rbk852scope:ltversion:3.2.15.25

Trust: 1.0

vendor:ネットギアmodel:rbk752scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbk852scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbr850scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs750scope: - version: -

Trust: 0.8

vendor:ネットギアmodel:rbs850scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012227 // NVD: CVE-2020-26901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26901
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2020-26901
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-26901
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-331
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-26901
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26901
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-26901
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2020-26901
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012227 // CNNVD: CNNVD-202010-331 // NVD: CVE-2020-26901 // NVD: CVE-2020-26901

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012227 // NVD: CVE-2020-26901

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-331

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202010-331

PATCH

title:Security Advisory for Sensitive Information Disclosure on Some WiFi Systems, PSV-2020-0036url:https://kb.netgear.com/000062353/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0036

Trust: 0.8

title:Multiple NETGEAR Repair measures for device information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131120

Trust: 0.6

sources: JVNDB: JVNDB-2020-012227 // CNNVD: CNNVD-202010-331

EXTERNAL IDS

db:NVDid:CVE-2020-26901

Trust: 2.4

db:JVNDBid:JVNDB-2020-012227

Trust: 0.8

db:CNNVDid:CNNVD-202010-331

Trust: 0.6

sources: JVNDB: JVNDB-2020-012227 // CNNVD: CNNVD-202010-331 // NVD: CVE-2020-26901

REFERENCES

url:https://kb.netgear.com/000062353/security-advisory-for-sensitive-information-disclosure-on-some-wifi-systems-psv-2020-0036

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-26901

Trust: 1.4

sources: JVNDB: JVNDB-2020-012227 // CNNVD: CNNVD-202010-331 // NVD: CVE-2020-26901

SOURCES

db:JVNDBid:JVNDB-2020-012227
db:CNNVDid:CNNVD-202010-331
db:NVDid:CVE-2020-26901

LAST UPDATE DATE

2024-11-23T21:35:14.221000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-012227date:2021-04-27T05:46:00
db:CNNVDid:CNNVD-202010-331date:2020-10-21T00:00:00
db:NVDid:CVE-2020-26901date:2024-11-21T05:20:26.950

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-012227date:2021-04-27T00:00:00
db:CNNVDid:CNNVD-202010-331date:2020-10-09T00:00:00
db:NVDid:CVE-2020-26901date:2020-10-09T07:15:14.730