Netgear Products Multiple Vulnerabilities
Last Update Date: 17 Dec 2020 11:38
Release Date: 17 Dec 2020
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Netgear products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, cross-site scripting and security restriction bypass on the targeted system.
Impact
- Cross-Site Scripting
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- CBR40, running firmware versions prior to 2.5.0.10
- D6220, running firmware versions prior to 1.0.0.60
- D6400, running firmware versions prior to 1.0.0.94
- D7000v2, running firmware versions prior to 1.0.0.62
- D7800, running firmware versions prior to 1.0.1.56
- D8500, running firmware versions prior to 1.0.3.50
- DC112A, running firmware versions prior to 1.0.0.48
- DGN2200v4, running firmware versions prior to 1.0.0.114
- EAX20, running firmware versions prior to 1.0.0.36
- EAX80, running firmware versions prior to 1.0.1.62
- EX3700, running firmware versions prior to 1.0.0.84
- EX3700/EX3800, running firmware versions prior to 1.0.0.84
- EX3800, running firmware versions prior to 1.0.0.84
- EX3920, running firmware versions prior to 1.0.0.84
- EX6000, running firmware versions prior to 1.0.0.44
- EX6100, running firmware versions prior to 1.0.2.28
- EX6100v2, running firmware versions prior to 1.0.1.86
- EX6120, running firmware versions prior to 1.0.0.54
- EX6130, running firmware versions prior to 1.0.0.36
- EX6150, running firmware versions prior to 1.0.0.46
- EX6150v2, running firmware versions prior to 1.0.1.86
- EX6200, running firmware versions prior to 1.0.3.94
- EX6200v2, running firmware versions prior to 1.0.1.78
- EX6250, running firmware versions prior to 1.0.0.110
- EX6400, running firmware versions prior to 1.0.2.144
- EX6400v2, running firmware versions prior to 1.0.0.110
- EX6410, running firmware versions prior to 1.0.0.110
- EX6420, running firmware versions prior to 1.0.0.110
- EX6920, running firmware versions prior to 1.0.0.54
- EX7000, running firmware versions prior to 1.0.1.90
- EX7300, running firmware versions prior to 1.0.2.144
- EX7300v2, running firmware versions prior to 1.0.0.110
- EX7320, running firmware versions prior to 1.0.0.110
- EX7500, running firmware versions prior to 1.0.0.68
- EX7700, running firmware versions prior to 1.0.0.202
- EX8000, running firmware versions prior to 1.0.1.202
- MK62, running firmware versions prior to 1.0.5.102
- MR60, running firmware versions prior to 1.0.5.102
- MS60, running firmware versions prior to 1.0.5.102
- NMS300, running firmware versions prior to 1.6.0.27
- R6250, running firmware versions prior to 1.0.4.42
- R6300v2, running firmware versions prior to 1.0.4.42
- R6400, running firmware versions prior to 1.0.1.62
- R6400v1, running firmware versions prior to 1.0.1.62
- R6400v2, running firmware versions prior to 1.0.4.98
- R6700, running firmware versions prior to 1.0.2.16
- R6700v1, running firmware versions prior to 1.0.2.16
- R6700v3, running firmware versions prior to 1.0.4.98
- R6900, running firmware versions prior to 1.0.2.16
- R6900P, running firmware versions prior to 1.3.2.124
- R6900v1, running firmware versions prior to 1.0.2.16
- R7000, running firmware versions prior to 1.0.11.106
- R7000P, running firmware versions prior to 1.3.2.124
- R7100LG, running firmware versions prior to 1.0.0.56
- R7500v2, running firmware versions prior to 1.0.3.46
- R7500v2, running firmware versions prior to 1.0.3.48
- R7800, running firmware versions prior to 1.0.2.68
- R7850, running firmware versions prior to 1.0.5.60
- R7900, running firmware versions prior to 1.0.4.26
- R7900P, running firmware versions prior to 1.4.1.62
- R7960P, running firmware versions prior to 1.4.1.62
- R8000, running firmware versions prior to 1.0.4.58
- R8000P, running firmware versions prior to 1.4.1.62
- R8300, running firmware versions prior to 1.0.2.134
- R8500, running firmware versions prior to 1.0.2.134
- R8900, running firmware versions prior to 1.0.4.28
- R8900, running firmware versions prior to 1.0.5.2
- R9000, running firmware versions prior to 1.0.4.28
- R9000, running firmware versions prior to 1.0.5.2
- RAX120, running firmware versions prior to 1.0.0.78
- RAX15, running firmware versions prior to 1.0.1.64
- RAX20, running firmware versions prior to 1.0.1.64
- RAX200, running firmware versions prior to 1.0.2.102
- RAX45, running firmware versions prior to 1.0.2.32
- RAX50, running firmware versions prior to 1.0.2.32
- RAX75, running firmware versions prior to 1.0.3.102
- RAX80, running firmware versions prior to 1.0.3.102
- RBK20, running firmware versions prior to 2.3.5.26
- RBK40, running firmware versions prior to 2.3.5.30
- RBK50, running firmware versions prior to 2.3.5.30
- RBK750, running firmware versions prior to 3.2.16.6
- RBK752, running firmware versions prior to 3.2.16.6
- RBK842, running firmware versions prior to 3.2.16.6
- RBK850, running firmware versions prior to 3.2.16.6
- RBK852, running firmware versions prior to 3.2.16.6
- RBR20, running firmware versions prior to 2.3.5.26
- RBR40, running firmware versions prior to 2.3.5.30
- RBR50, running firmware versions prior to 2.3.5.30
- RBR750, running firmware versions prior to 3.2.16.6
- RBR840, running firmware versions prior to 3.2.16.6
- RBR850, running firmware versions prior to 3.2.16.6
- RBS20, running firmware versions prior to 2.3.5.26
- RBS40, running firmware versions prior to 2.3.5.30
- RBS40V, running firmware versions prior to 2.5.1.6
- RBS40V-200, running firmware versions prior to 1.0.0.46
- RBS50, running firmware versions prior to 2.3.5.30
- RBS750, running firmware versions prior to 3.2.16.6
- RBS840, running firmware versions prior to 3.2.16.6
- RBS850, running firmware versions prior to 3.2.16.6
- RBW30, running firmware versions prior to 2.5.0.4
- RS400, running firmware versions prior to 1.5.0.48
- SXK80, running firmware versions prior to 3.1.0.104
- WAX610, running firmware versions prior to 9.0.2.3
- WN2500RPv2, running firmware versions prior to 1.0.1.56
- WNDR3400v3, running firmware versions prior to 1.0.1.32
- WNR1000v3, running firmware versions prior to 1.0.2.78
- WNR2000v2, running firmware versions prior to 1.2.0.12
- WNR2000v5, running firmware versions prior to 1.0.0.72
- WNR3500Lv2, running firmware versions prior to 1.2.0.62
- XR300, running firmware versions prior to 1.0.3.50
- XR500, running firmware versions prior to 2.3.2.56
- XR700, running firmware versions prior to 1.0.1.10
Solutions
Before installing the software, please visit the vendor's website for more details.
- Apply fixes issued by the vendor:
https://kb.netgear.com/000062673/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0501
https://kb.netgear.com/000062672/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0507
https://kb.netgear.com/000062671/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0492
https://kb.netgear.com/000062670/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Product-or-Product-Category-PSV-2018-0485
https://kb.netgear.com/000062669/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0488
https://kb.netgear.com/000062668/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0493
https://kb.netgear.com/000062667/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0496
https://kb.netgear.com/000062666/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0494
https://kb.netgear.com/000062675/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0500
https://kb.netgear.com/000062676/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0498
https://kb.netgear.com/000062677/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0512
https://kb.netgear.com/000062678/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0505
https://kb.netgear.com/000062679/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0508
https://kb.netgear.com/000062680/Security-Advisory-for-Vertical-Privilege-Escalation-on-WAX610-PSV-2020-0374
https://kb.netgear.com/000062681/Security-Advisory-for-Denial-of-Service-on-Some-Routers-and-Extenders-PSV-2019-0162
https://kb.netgear.com/000062682/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0157
https://kb.netgear.com/000062683/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0108
https://kb.netgear.com/000062684/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0118
https://kb.netgear.com/000062685/Security-Advisory-for-Missing-Function-Level-Access-Control-on-SXK80-PSV-2020-0425
https://kb.netgear.com/000062686/Security-Advisory-for-Post-Authentication-Command-Injection-on-NMS300-PSV-2020-0559
https://kb.netgear.com/000062687/Security-Advisory-for-Denial-of-Service-on-NMS300-PSV-2020-0561
https://kb.netgear.com/000062688/Security-Advisory-for-Pre-Authentication-Command-Injection-on-NMS300-PSV-2020-0560
Vulnerability Identifier
- No CVE information is available
Source
Related Link
- https://www.securitywizardry.com/the-radar-page/alert-details#alerts
- https://www.netgear.com/about/security/
- https://kb.netgear.com/000062674/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-PSV-2018-0510
- https://kb.netgear.com/000062673/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0501
- https://kb.netgear.com/000062672/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0507
- https://kb.netgear.com/000062671/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0492
- https://kb.netgear.com/000062670/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Product-or-Product-Category-PSV-2018-0485
- https://kb.netgear.com/000062669/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0488
- https://kb.netgear.com/000062668/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0493
- https://kb.netgear.com/000062667/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0496
- https://kb.netgear.com/000062666/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0494
- https://kb.netgear.com/000062675/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0500
- https://kb.netgear.com/000062676/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0498
- https://kb.netgear.com/000062677/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0512
- https://kb.netgear.com/000062678/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0505
- https://kb.netgear.com/000062679/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0508
- https://kb.netgear.com/000062680/Security-Advisory-for-Vertical-Privilege-Escalation-on-WAX610-PSV-2020-0374
- https://kb.netgear.com/000062681/Security-Advisory-for-Denial-of-Service-on-Some-Routers-and-Extenders-PSV-2019-0162
- https://kb.netgear.com/000062682/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0157
- https://kb.netgear.com/000062683/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0108
- https://kb.netgear.com/000062684/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0118
- https://kb.netgear.com/000062685/Security-Advisory-for-Missing-Function-Level-Access-Control-on-SXK80-PSV-2020-0425
- https://kb.netgear.com/000062686/Security-Advisory-for-Post-Authentication-Command-Injection-on-NMS300-PSV-2020-0559
- https://kb.netgear.com/000062687/Security-Advisory-for-Denial-of-Service-on-NMS300-PSV-2020-0561
- https://kb.netgear.com/000062688/Security-Advisory-for-Pre-Authentication-Command-Injection-on-NMS300-PSV-2020-0560