Description
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.netgear.com/about/security/
Exploit, Third Party Advisory x_refsource_misc
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
Scores
CVSS v3
5.9
EPSS
0.0016
EPSS Percentile
36.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (14)
netgear/r6120_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r6220_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r6350_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r6400_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r6800_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r6850_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r7000p_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r7800_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r8000_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
netgear/r9000_firmware
v1.0.9.6_1.2.19 - v1.0.11.100_10.2.100
... and 4 more
Published
May 28, 2020
Tracked Since
Feb 18, 2026