Vulnerability Details : CVE-2020-13245
Potential exploit
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
Products affected by CVE-2020-13245
- Netgear » R6400 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
- Netgear » R8000 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
- Netgear » R6220 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r6220_firmware:*:*:*:*:*:*:*:*
- Netgear » R6120 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r6120_firmware:*:*:*:*:*:*:*:*
- Netgear » R6800 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r6800_firmware:*:*:*:*:*:*:*:*
- Netgear » R7000p Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
- Netgear » R7800 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r7800_firmware:*:*:*:*:*:*:*:*
- Netgear » R9000 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
- Netgear » Xr500 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:xr500_firmware:*:*:*:*:*:*:*:*
- Netgear » Rbr20 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:rbr20_firmware:*:*:*:*:*:*:*:*
- Netgear » Rax120 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:rax120_firmware:*:*:*:*:*:*:*:*
- Netgear » Xr300 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:xr300_firmware:*:*:*:*:*:*:*:*
- Netgear » R6850 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r6850_firmware:*:*:*:*:*:*:*:*
- Netgear » R6350 Firmware: versions from (>=) v1.0.9.6_1.2.19 up to and including (<=) v1.0.11.100_10.2.100; CPE: cpe:2.3:o:netgear:r6350_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13245
- 0.11%: probability of exploitation activity in the next 30 days
- ~26%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2020-13245
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2020-13245
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13245
- https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/ (Netgear Nighthawk Firmware Update Vulnerability; tags: Exploit, Third Party Advisory)
- https://www.netgear.com/about/security/ (Security Advisory | About Us | NETGEAR; tag: Vendor Advisory)