CVE-2020-13245Improper Certificate Validation in Netgear R6120 Firmware

CWE-295Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 63.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Netgear R6120 FirmwareNetgear R6220 FirmwareNetgear R6350 Firmware+11 more
Timeline
PublishedMay 28
Latest updateMay 24

Description

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages14 packages

NVDnetgear/r7000p_firmwarev1.0.9.6_1.2.19v1.0.11.100_10.2.100
NVDnetgear/r6120_firmwarev1.0.9.6_1.2.19v1.0.11.100_10.2.100
NVDnetgear/r6220_firmwarev1.0.9.6_1.2.19v1.0.11.100_10.2.100
NVDnetgear/r6350_firmwarev1.0.9.6_1.2.19v1.0.11.100_10.2.100
NVDnetgear/r6400_firmwarev1.0.9.6_1.2.19v1.0.11.100_10.2.100

🔴Vulnerability Details

2
GHSA
GHSA-56v7-8wp3-r2g7: Certain NETGEAR devices are affected by Missing SSL Certificate Validation2022-05-24
CVEList
CVE-2020-13245: Certain NETGEAR devices are affected by Missing SSL Certificate Validation2020-05-28
CVE-2020-13245 — Improper Certificate Validation | cvebase