Netgear Products Multiple Vulnerabilities

Impact

• Remote Code Execution
• Denial of Service
• Information Disclosure
• Security Restriction Bypass

System / Technologies affected

• Netgear DSL Modem Router D6220
• Netgear DSL Modem Router D6400
• Netgear DSL Modem Router D7000v2
• Netgear Orbi WiFi System CBR40
• Netgear Router R6400
• Netgear Router R6400v2
• Netgear Router R6700v3
• Netgear Router R6900P
• Netgear Router R7000
• Netgear Router R7000P
• Netgear Router R8500
• Netgear Router RAX15
• Netgear Router RAX20
• Netgear Router RAX35v2
• Netgear Router RAX38v2
• Netgear Router RAX40v2
• Netgear Router RAX42
• Netgear Router RAX43
• Netgear Router RAX45
• Netgear Router RAX48
• Netgear Router RAX50
• Netgear Router RAX50S
• Netgear Router RS400
• Netgear Router WNDR3400v3
• Netgear Router WNR3500Lv2
• Netgear Router XR300
• Netgear Cable Modem Router CAX80
• Netgear Fixed Wireless LAX20
• Netgear Fixed Wireless R7100LG
• Netgear Nightthawk Mesh WiFi System MR80
• Netgear Nightthawk Mesh WiFi System MS80
• Netgear Wireless DC112A

Please refer to the link below for detail:

https://kb.netgear.com/000064724/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2021-0330?article=000064724

https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327?article=000064723

https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325?article=000064722

https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324?article=000064721

https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323?article=000064720

https://kb.netgear.com/000064719/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0321?article=000064719

Solutions

Before installation of the software, please visit the vendor's web-site for more details.

• Apply fixes issued by the vendor:
  • https://kb.netgear.com/000064724/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2021-0330?article=000064724
  • https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327?article=000064723
  • https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325?article=000064722
  • https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324?article=000064721
  • https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323?article=000064720
  • https://kb.netgear.com/000064719/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0321?article=000064719

Vulnerability Identifier

• CVE-2011-5325
• CVE-2022-27642
• CVE-2022-27643
• CVE-2022-27644
• CVE-2022-27645
• CVE-2022-27646
• CVE-2022-27647

Source

• Netgear Security Advisory

Related Link

• https://kb.netgear.com/000064724/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2021-0330?article=000064724
• https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327?article=000064723
• https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325?article=000064722
• https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324?article=000064721
• https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323?article=000064720
• https://kb.netgear.com/000064719/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0321?article=000064719