CVE-2020-11549

HIGH Year: 2020
CVSS v3 Score
8.3
High
CVSS v2 Score
8.3
High
Weakness Type
CWE-798
View all →

Vulnerability Description

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system.

Related Vulnerabilities

CVE-2019-3710

HIGH
CVSS:8.3(High)

Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthe...

CWE-7982019

CVE-2024-46436

HIGH
CVSS:8.3(High)

Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.

CWE-7982024

CVE-2018-0141

HIGH
CVSS:8.4(High)

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is du...

CWE-7982018

CVE-2019-15015

HIGH
CVSS:8.4(High)

In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining acce...

CWE-7982019

CVE-2019-15017

HIGH
CVSS:8.4(High)

The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to th...

CWE-7982019

CVE-2022-36222

HIGH
CVSS:8.4(High)

Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface.

CWE-7982022