Netgear Products Multiple Vulnerabilities
Release Date: 23 Mar 2023
RISK: High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Netgear Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.
Note:
Proof of Concept exploit code is publicly available for CVE-2022-36429, CVE-2022-37337, CVE-2022-38452 and CVE-2022-38458.
Impact
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- NETGEAR Orbi Mesh Router RBR750
- NETGEAR Orbi Mesh Router RBR840
- NETGEAR Orbi Mesh Router RBR850
- NETGEAR Orbi Mesh Router RBR860
- NETGEAR Orbi Mesh Router RBRE950
- NETGEAR Orbi Mesh Router RBRE960
- NETGEAR Orbi Mesh Router RBS750
- NETGEAR Orbi Mesh Router RBS840
- NETGEAR Orbi Mesh Router RBS850
- NETGEAR Orbi Mesh Router RBS860
- NETGEAR Orbi Mesh Router RBSE950
- NETGEAR Orbi Mesh Router RBSE960
Please refer to the links below for details:
- https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
- https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
- https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
- https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
Solutions
Before installing the software, please visit the vendor's website for more details.
- Apply fixes issued by the vendor:
  - https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
  - https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
  - https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
  - https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
Vulnerability Identifier
Source
Related Link
- https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
- https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
- https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
- https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
- https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598