Improper Certificate Validation in R6700 - #VU29045

 

Improper Certificate Validation in R6700 - #VU29045

Published: June 16, 2020


Vulnerability identifier: #VU29045
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-295
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: NETGEAR
Affected software:
R6700

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to a missing certification validation within the downloading of files via HTTPS. A remote attacker on the local network can gain access to sensitive information on the target system.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources