CVE-2020-27873 MEDIUM

CVE-2020-27873

Vendor Netgear

Product R7450

Weakness CWE-284

Published February 4, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.

Key dates

02Disclosure timeline

February 4, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27873 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2020-27873

01Description

02Disclosure timeline

03References

04Related CVE