Netgear R7450 1.2.0.62_1.0.1 SOAP API endpoint access control

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in Netgear R7450 1.2.0.62_1.0.1 (Wireless LAN Software). This affects some unknown processing of the component SOAP API endpoint. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field02/05/2021 08:18 AM02/23/2021 03:24 PM
vendorNetgearNetgear
nameR7450R7450
version1.2.0.62_1.0.11.2.0.62_1.0.1
componentSOAP API endpointSOAP API endpoint
cwe284 (privilege escalation)284 (privilege escalation)
risk22
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
urlhttps://www.zerodayinitiative.com/advisories/ZDI-21-072/https://www.zerodayinitiative.com/advisories/ZDI-21-072/
confirm_urlhttps://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routershttps://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers
cveCVE-2020-27873CVE-2020-27873
date1612479600 (02/05/2021)1612479600 (02/05/2021)
typeWireless LAN SoftwareWireless LAN Software
cvss2_vuldb_avAA
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss2_vuldb_basescore3.33.3
cvss2_vuldb_tempscore3.33.3
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.34.3
cvss3_meta_basescore4.34.3
cvss3_meta_tempscore4.34.3
price_0day$5k-$25k$5k-$25k
cve_assigned1603753200
cve_nvd_summaryThis vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559.

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!