CVE-2020-35802
📋 TL;DR
This vulnerability in certain NETGEAR routers and WiFi systems allows unauthorized disclosure of sensitive information. Attackers can potentially access confidential data stored on affected devices. The vulnerability impacts multiple NETGEAR models running outdated firmware versions.
💻 Affected Systems
- NETGEAR CBR40
- RBW30
- RAX75
- RAX80
- RBK752
- RBR750
- RBS750
- RBK852
- RBR850
- RBS850
- RBK842
- RBR840
- RBS840
- RBS40V
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to sensitive configuration data, credentials, or network information that could lead to complete network compromise.
Likely Case
Unauthorized access to device configuration details, potentially exposing network topology or administrative information.
If Mitigated
Limited information disclosure with no critical credentials exposed due to proper network segmentation and access controls.
🎯 Exploit Status
The advisory indicates information disclosure that could be exploited without authentication, suggesting relatively simple exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: CBR40 2.5.0.14+, RBW30 2.6.1.4+, RAX75 1.0.3.102+, RAX80 1.0.3.102+, RBK752/RBR750/RBS750 3.2.16.6+, RBK852/RBR850/RBS850 3.2.16.6+, RBK842/RBR840/RBS840 3.2.16.6+, RBS40V 2.6.1.4+
Vendor Advisory: https://kb.netgear.com/000062720/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-WiFi-Systems-PSV-2020-0331
Restart Required: Yes
Instructions:
1. Log into NETGEAR router admin interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install the latest firmware. 4. Reboot the device after installation completes.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected devices from critical network segments to limit potential data exposure.
Access Control Restrictions
allImplement strict firewall rules to limit access to router management interfaces.
🧯 If You Can't Patch
- Replace affected devices with patched models or alternative vendors
- Implement network monitoring to detect unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check current firmware version in router admin interface under Advanced > Administration > Firmware UpdateCheck Version:
Check via router web interface or use manufacturer's mobile appVerify Fix Applied:
Confirm firmware version matches or exceeds patched versions listed in the advisory📡 Detection & Monitoring
Log Indicators:
- Unusual access to router management interfaces
- Multiple failed authentication attempts followed by successful access
Network Indicators:
- Unexpected traffic to router management ports
- Unusual outbound connections from router
SIEM Query:
source="router_logs" AND (event="unauthorized_access" OR event="configuration_access")