modzero/MZ-20-02-NETGEAR-Orbi-Security

modzero/MZ-20-02-NETGEAR-Orbi-Security

Releases0

Stars4

NETGEAR Orbi Pro Mesh WiFi System - Proof of Concept Exploits and additional information in security advisory MZ-20-02

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-11549 ↗	May 18, 2020Monday, 18 May 2020, 16:15	8.8 HIGH	8.3 HIGH
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.
CVE-2020-11550 ↗	May 18, 2020Monday, 18 May 2020, 16:15	6.5 MEDIUM	3.3 LOW
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK).
CVE-2020-11551 ↗	May 18, 2020Monday, 18 May 2020, 16:15	8.8 HIGH	5.8 MEDIUM
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc.