Netgear 產品多個漏洞
最後更新
2020年12月17日 11:38
發佈日期:
2020年12月17日
1840
觀看次數
風險: 中度風險
類型: 操作系統 - Network
於 Netgear 產品發現多個漏洞,遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、提升權限、遠端執行任意程式碼、跨網站指令碼及繞過保安限制。
影響
- 跨網站指令碼
- 阻斷服務
- 權限提升
- 遠端執行程式碼
- 繞過保安限制
受影響之系統或技術
- CBR40, running firmware 2.5.0.10 之前的版本
- D6220, running firmware 1.0.0.60 之前的版本
- D6400, running firmware 1.0.0.94 之前的版本
- D7000v2, running firmware 1.0.0.62 之前的版本
- D7800, running firmware 1.0.1.56 之前的版本
- D8500, running firmware 1.0.3.50 之前的版本
- DC112A, running firmware 1.0.0.48 之前的版本
- DGN2200v4, running firmware 1.0.0.114 之前的版本
- EAX20, running firmware 1.0.0.36 之前的版本
- EAX80, running firmware 1.0.1.62 之前的版本
- EX3700, running firmware 1.0.0.84 之前的版本
- EX3700/EX3800, running firmware 1.0.0.84 之前的版本
- EX3800, running firmware 1.0.0.84 之前的版本
- EX3920, running firmware 1.0.0.84 之前的版本
- EX6000, running firmware 1.0.0.44 之前的版本
- EX6100, running firmware 1.0.2.28 之前的版本
- EX6100v2, running firmware 1.0.1.86 之前的版本
- EX6120, running firmware 1.0.0.54 之前的版本
- EX6130, running firmware 1.0.0.36 之前的版本
- EX6150, running firmware 1.0.0.46 之前的版本
- EX6150v2, running firmware 1.0.1.86 之前的版本
- EX6200, running firmware 1.0.3.94 之前的版本
- EX6200v2, running firmware 1.0.1.78 之前的版本
- EX6250, running firmware 1.0.0.110 之前的版本
- EX6400, running firmware 1.0.2.144 之前的版本
- EX6400v2, running firmware 1.0.0.110 之前的版本
- EX6410, running firmware 1.0.0.110 之前的版本
- EX6420, running firmware 1.0.0.110 之前的版本
- EX6920, running firmware 1.0.0.54 之前的版本
- EX7000, running firmware 1.0.1.90 之前的版本
- EX7300, running firmware 1.0.2.144 之前的版本
- EX7300v2, running firmware 1.0.0.110 之前的版本
- EX7320, running firmware 1.0.0.110 之前的版本
- EX7500, running firmware 1.0.0.68 之前的版本
- EX7700, running firmware 1.0.0.202 之前的版本
- EX8000, running firmware 1.0.1.202 之前的版本
- MK62, running firmware 1.0.5.102 之前的版本
- MR60, running firmware 1.0.5.102 之前的版本
- MS60, running firmware 1.0.5.102 之前的版本
- NMS300, running firmware 1.6.0.27 之前的版本
- R6250, running firmware 1.0.4.42 之前的版本
- R6300v2, running firmware 1.0.4.42 之前的版本
- R6400, running firmware 1.0.1.62 之前的版本
- R6400v1, running firmware 1.0.1.62 之前的版本
- R6400v2, running firmware 1.0.4.98 之前的版本
- R6700, running firmware 1.0.2.16 之前的版本
- R6700v1, running firmware 1.0.2.16 之前的版本
- R6700v3, running firmware 1.0.4.98 之前的版本
- R6900, running firmware 1.0.2.16 之前的版本
- R6900P, running firmware 1.3.2.124 之前的版本
- R6900v1, running firmware 1.0.2.16 之前的版本
- R7000, running firmware 1.0.11.106 之前的版本
- R7000P, running firmware 1.3.2.124 之前的版本
- R7100LG, running firmware 1.0.0.56 之前的版本
- R7500v2, running firmware 1.0.3.46 之前的版本
- R7500v2, running firmware 1.0.3.48 之前的版本
- R7800, running firmware 1.0.2.68 之前的版本
- R7850, running firmware 1.0.5.60 之前的版本
- R7900, running firmware 1.0.4.26 之前的版本
- R7900P, running firmware 1.4.1.62 之前的版本
- R7960P, running firmware 1.4.1.62 之前的版本
- R8000, running firmware 1.0.4.58 之前的版本
- R8000P, running firmware 1.4.1.62 之前的版本
- R8300, running firmware 1.0.2.134 之前的版本
- R8500, running firmware 1.0.2.134 之前的版本
- R8900, running firmware 1.0.4.28 之前的版本
- R8900, running firmware 1.0.5.2 之前的版本
- R9000, running firmware 1.0.4.28 之前的版本
- R9000, running firmware 1.0.5.2 之前的版本
- RAX120, running firmware 1.0.0.78 之前的版本
- RAX15, running firmware 1.0.1.64 之前的版本
- RAX20, running firmware 1.0.1.64 之前的版本
- RAX200, running firmware 1.0.2.102 之前的版本
- RAX45, running firmware 1.0.2.32 之前的版本
- RAX50, running firmware 1.0.2.32 之前的版本
- RAX75, running firmware 1.0.3.102 之前的版本
- RAX80, running firmware 1.0.3.102 之前的版本
- RBK20, running firmware 2.3.5.26 之前的版本
- RBK40, running firmware 2.3.5.30 之前的版本
- RBK50, running firmware 2.3.5.30 之前的版本
- RBK750, running firmware 3.2.16.6 之前的版本
- RBK752, running firmware 3.2.16.6 之前的版本
- RBK842, running firmware 3.2.16.6 之前的版本
- RBK850, running firmware 3.2.16.6 之前的版本
- RBK852, running firmware 3.2.16.6 之前的版本
- RBR20, running firmware 2.3.5.26 之前的版本
- RBR40, running firmware 2.3.5.30 之前的版本
- RBR50, running firmware 2.3.5.30 之前的版本
- RBR750, running firmware 3.2.16.6 之前的版本
- RBR840, running firmware 3.2.16.6 之前的版本
- RBR850, running firmware 3.2.16.6 之前的版本
- RBS20, running firmware 2.3.5.26 之前的版本
- RBS40, running firmware 2.3.5.30 之前的版本
- RBS40V, running firmware 2.5.1.6 之前的版本
- RBS40V-200, running firmware 1.0.0.46 之前的版本
- RBS50, running firmware 2.3.5.30 之前的版本
- RBS750, running firmware 3.2.16.6 之前的版本
- RBS840, running firmware 3.2.16.6 之前的版本
- RBS850, running firmware 3.2.16.6 之前的版本
- RBW30, running firmware 2.5.0.4 之前的版本
- RS400, running firmware 1.5.0.48 之前的版本
- SXK80, running firmware 3.1.0.104 之前的版本
- WAX610, running firmware 9.0.2.3 之前的版本
- WN2500RPv2, running firmware 1.0.1.56 之前的版本
- WNDR3400v3, running firmware 1.0.1.32 之前的版本
- WNR1000v3, running firmware 1.0.2.78 之前的版本
- WNR2000v2, running firmware 1.2.0.12 之前的版本
- WNR2000v5, running firmware 1.0.0.72 之前的版本
- WNR3500Lv2, running firmware 1.2.0.62 之前的版本
- XR300, running firmware 1.0.3.50 之前的版本
- XR500, running firmware 2.3.2.56 之前的版本
- XR700, running firmware 1.0.1.10 之前的版本
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
- 安裝供應商提供的修補程式:
https://kb.netgear.com/000062673/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0501
https://kb.netgear.com/000062672/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0507
https://kb.netgear.com/000062671/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0492
https://kb.netgear.com/000062670/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Product-or-Product-Category-PSV-2018-0485
https://kb.netgear.com/000062669/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0488
https://kb.netgear.com/000062668/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0493
https://kb.netgear.com/000062667/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0496
https://kb.netgear.com/000062666/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0494
https://kb.netgear.com/000062675/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0500
https://kb.netgear.com/000062676/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0498
https://kb.netgear.com/000062677/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0512
https://kb.netgear.com/000062678/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0505
https://kb.netgear.com/000062679/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0508
https://kb.netgear.com/000062680/Security-Advisory-for-Vertical-Privilege-Escalation-on-WAX610-PSV-2020-0374
https://kb.netgear.com/000062681/Security-Advisory-for-Denial-of-Service-on-Some-Routers-and-Extenders-PSV-2019-0162
https://kb.netgear.com/000062682/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0157
https://kb.netgear.com/000062683/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0108
https://kb.netgear.com/000062684/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0118
https://kb.netgear.com/000062685/Security-Advisory-for-Missing-Function-Level-Access-Control-on-SXK80-PSV-2020-0425
https://kb.netgear.com/000062686/Security-Advisory-for-Post-Authentication-Command-Injection-on-NMS300-PSV-2020-0559
https://kb.netgear.com/000062687/Security-Advisory-for-Denial-of-Service-on-NMS300-PSV-2020-0561
https://kb.netgear.com/000062688/Security-Advisory-for-Pre-Authentication-Command-Injection-on-NMS300-PSV-2020-0560
漏洞識別碼
- 暫無 CVE 可提供
資料來源
相關連結
- https://www.securitywizardry.com/the-radar-page/alert-details#alerts
- https://www.netgear.com/about/security/
- https://kb.netgear.com/000062674/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-PSV-2018-0510
- https://kb.netgear.com/000062673/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0501
- https://kb.netgear.com/000062672/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0507
- https://kb.netgear.com/000062671/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0492
- https://kb.netgear.com/000062670/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Product-or-Product-Category-PSV-2018-0485
- https://kb.netgear.com/000062669/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0488
- https://kb.netgear.com/000062668/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0493
- https://kb.netgear.com/000062667/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0496
- https://kb.netgear.com/000062666/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0494
- https://kb.netgear.com/000062675/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0500
- https://kb.netgear.com/000062676/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0498
- https://kb.netgear.com/000062677/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0512
- https://kb.netgear.com/000062678/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0505
- https://kb.netgear.com/000062679/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0508
- https://kb.netgear.com/000062680/Security-Advisory-for-Vertical-Privilege-Escalation-on-WAX610-PSV-2020-0374
- https://kb.netgear.com/000062681/Security-Advisory-for-Denial-of-Service-on-Some-Routers-and-Extenders-PSV-2019-0162
- https://kb.netgear.com/000062682/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0157
- https://kb.netgear.com/000062683/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0108
- https://kb.netgear.com/000062684/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2020-0118
- https://kb.netgear.com/000062685/Security-Advisory-for-Missing-Function-Level-Access-Control-on-SXK80-PSV-2020-0425
- https://kb.netgear.com/000062686/Security-Advisory-for-Post-Authentication-Command-Injection-on-NMS300-PSV-2020-0559
- https://kb.netgear.com/000062687/Security-Advisory-for-Denial-of-Service-on-NMS300-PSV-2020-0561
- https://kb.netgear.com/000062688/Security-Advisory-for-Pre-Authentication-Command-Injection-on-NMS300-PSV-2020-0560
分享至