Netgear Products Remote Code Execution Vulnerabilities
Last Update Date:
5 Aug 2020
Release Date:
4 Aug 2020
4843
Views
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Netgear products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system.
Note: Updated on 5 Aug 2020, for R6700 model
Impact
- Remote Code Execution
System / Technologies affected
- R8300 running firmware versions prior to 1.0.2.134
- R6700v3 running firmware versions prior to 1.0.4.98
Solutions
Before installation of the software, please visit the vendor's web-site for more details.
- Apply fixes issued by the vendor:
https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211
Vulnerability Identifier
Note: No CVE information is available for another vulnerability
Source
Related Link
- https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211
- https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202
- https://www.zerodayinitiative.com/advisories/ZDI-20-936/
- https://www.securitywizardry.com/the-radar-page/alert-details#alerts
Share with