CVE-2020-26921

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 67.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Gs110emx Firmware Netgear Gs810emx Firmware Netgear Xs512em Firmware +1 more

Timeline

PublishedOct 9

Latest updateMay 24

Description

Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:HExploitability: 2.8 | Impact: 5.5

Affected Packages4 packages

▶NVDnetgear/xs512em_firmware< 1.0.1.3

▶NVDnetgear/xs724em_firmware< 1.0.1.3

▶NVDnetgear/gs110emx_firmware< 1.0.1.7

▶NVDnetgear/gs810emx_firmware< 1.7.1.3

🔴Vulnerability Details

GHSA

GHSA-9p3v-vg9h-wqg7: Certain NETGEAR devices are affected by authentication bypass↗2022-05-24

▶

CVEList

CVE-2020-26921: Certain NETGEAR devices are affected by authentication bypass↗2020-10-09

▶