Netgear Products Multiple Vulnerabilities
Release Date: 7 Dec 2021
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Netgear products. A remote attacker could exploit these vulnerabilities to trigger remote code execution, a denial of service condition and information disclosure on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
- Information Disclosure
System / Technologies affected
- D7800 firmware versions prior to 1.0.1.66
- EX2700 firmware versions prior to 1.0.1.68
- WN3000RPv2 firmware versions prior to 1.0.0.90
- WN3000RPv3 firmware versions prior to 1.0.2.100
- LBR1020 firmware versions prior to 2.6.5.20
- LBR20 firmware versions prior to 2.6.5.32
- R6700AX firmware versions prior to 1.0.10.110
- R7800 firmware versions prior to 1.0.2.86
- R8900 firmware versions prior to 1.0.5.38
- R9000 firmware versions prior to 1.0.5.38
- RAX10 firmware versions prior to 1.0.10.110
- RAX120v1 firmware versions prior to 1.2.3.28
- RAX120v2 firmware versions prior to 1.2.3.28
- RAX70 firmware versions prior to 1.0.10.110
- RAX78 firmware versions prior to 1.0.10.110
- XR450 firmware versions prior to 2.3.2.130
- XR500 firmware versions prior to 2.3.2.130
- XR700 firmware versions prior to 1.0.1.46
- AC2100 firmware version prior to 1.2.0.88
- AC2400 firmware version prior to 1.2.0.88
- AC2600 firmware version prior to 1.2.0.88
- D7000 firmware version prior to 1.0.1.82
- R6220 firmware version prior to 1.1.0.110
- R6230 firmware version prior to 1.1.0.110
- R6260 firmware version prior to 1.1.0.84
- R6330 firmware version prior to 1.1.0.84
- R6350 firmware version prior to 1.1.0.84
- R6700v2 firmware version prior to 1.2.0.88
- R6800 firmware version prior to 1.2.0.88
- R6850 firmware version prior to 1.1.0.84
- R6900v2 firmware version prior to 1.2.0.88
- R7200 firmware version prior to 1.2.0.88
- R7350 firmware version prior to 1.2.0.88
- R7400 firmware version prior to 1.2.0.88
- R7450 firmware version prior to 1.2.0.88
- RAX35 firmware version prior to 1.0.4.102
- RAX38 firmware version prior to 1.0.4.102
- RAX40 firmware version prior to 1.0.4.102
Solutions
Before installation of the software, please visit the vendor's web-site for more details.
- Apply fixes issued by the vendor:
- Upgrade D7800 firmware versions to 1.0.1.66
- Upgrade EX2700 firmware versions to 1.0.1.68
- Upgrade WN3000RPv2 firmware versions to 1.0.0.90
- Upgrade WN3000RPv3 firmware versions to 1.0.2.100
- Upgrade LBR1020 firmware versions to 2.6.5.20
- Upgrade LBR20 firmware versions to 2.6.5.32
- Upgrade R6700AX firmware versions to 1.0.10.110
- Upgrade R7800 firmware versions to 1.0.2.86
- Upgrade R8900 firmware versions to 1.0.5.38
- Upgrade R9000 firmware versions to 1.0.5.38
- Upgrade RAX10 firmware versions to 1.0.10.110
- Upgrade RAX120v1 firmware versions to 1.2.3.28
- Upgrade RAX120v2 firmware versions to 1.2.3.28
- Upgrade RAX70 firmware versions to 1.0.10.110
- Upgrade RAX78 firmware versions to 1.0.10.110
- Upgrade XR450 firmware versions to 2.3.2.130
- Upgrade XR500 firmware versions to 2.3.2.130
- Upgrade XR700 firmware versions to 1.0.1.46
- Upgrade AC2100 firmware version to 1.2.0.88
- Upgrade AC2400 firmware version to 1.2.0.88
- Upgrade AC2600 firmware version to 1.2.0.88
- Upgrade D7000 firmware version to 1.0.1.82
- Upgrade R6220 firmware version to 1.1.0.110
- Upgrade R6230 firmware version to 1.1.0.110
- Upgrade R6260 firmware version to 1.1.0.84
- Upgrade R6330 firmware version to 1.1.0.84
- Upgrade R6350 firmware version to 1.1.0.84
- Upgrade R6700v2 firmware version to 1.2.0.88
- Upgrade R6800 firmware version to 1.2.0.88
- Upgrade R6850 firmware version to 1.1.0.84
- Upgrade R6900v2 firmware version to 1.2.0.88
- Upgrade R7200 firmware version to 1.2.0.88
- Upgrade R7350 firmware version to 1.2.0.88
- Upgrade R7400 firmware version to 1.2.0.88
- Upgrade R7450 firmware version to 1.2.0.88
- Upgrade RAX35 firmware version to 1.0.4.102
- Upgrade RAX38 firmware version to 1.0.4.102
- Upgrade RAX40 firmware version to 1.0.4.102
- https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
- https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172?article=000064406
- https://kb.netgear.com/000064405/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2021-0268?article=000064405
Vulnerability Identifier
Source
Related Link
- https://www.auscert.org.au/bulletins/ASB-2021.0243
- https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
- https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172?article=000064406
- https://kb.netgear.com/000064405/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2021-0268?article=000064405