Advisory Details

January 18th, 2021

NETGEAR R7450 SOAP API RecoverAdminPassword Improper Access Control Information Disclosure Vulnerability

ZDI-21-072
ZDI-CAN-11559

CVE ID CVE-2020-27873
CVSS SCORE 6.5, (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
AFFECTED VENDORS NETGEAR
AFFECTED PRODUCTS R7450
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

ADDITIONAL DETAILS NETGEAR has issued an update to correct this vulnerability. More details can be found at:
https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers
DISCLOSURE TIMELINE
  • 2020-08-21 - Vulnerability reported to vendor
  • 2021-01-18 - Coordinated public release of advisory
CREDIT 1sd3d of Viettel Cyber Security
BACK TO ADVISORIES