CVE-2020-11549

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:rbs50y_firmware:2.5.1.106:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs50y:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:netgear:srr60_firmware:2.5.1.106:*:*:*:*:*:*:*
cpe:2.3:h:netgear:srr60:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:netgear:srs60_firmware:2.5.1.106:*:*:*:*:*:*:*
cpe:2.3:h:netgear:srs60:-:*:*:*:*:*:*:*

Information

Published : 2020-05-18 09:15

Updated : 2020-05-20 07:26


NVD link : CVE-2020-11549

Mitre link : CVE-2020-11549


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

netgear

  • srr60_firmware
  • srr60
  • srs60_firmware
  • rbs50y_firmware
  • rbs50y
  • srs60