Multiple vulnerabilities in NETGEAR Routers

Published: 2018-02-09 12:17:43
Severity: Low
Patch available: YES
Number of vulnerabilities: 5
CVE ID: N/A
CVSSv3:
5.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
7.1 [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.3 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.1 [CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-200, CWE-78, CWE-264
Exploitation vector: Local network
Public exploit: Not available
Vulnerable software: D8500, WNDR4500v2, R7000P, R6400v2, R6300v2, DGN2200v4, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, R8300, R8500, WNDR3400v3, R6100, D6220, D6400, R6900P, R6250, D7800, EX6200v2, R7800, R7500v2, R7500
Vulnerable software versions: D8500 -, WNDR4500v2 -, R7000P -, R6400v2 -, R6300v2 -, DGN2200v4 -, R6400 -, R6700 -, R6900 -, R7000 -, R7100LG -, R7300DST -, R7900 -, R8000 -, R8300 -, R8500 -, WNDR3400v3 -, R6100 -, D6220 -, D6400 -, R6900P -, R6250 -, D7800 -, EX6200v2 -, R7800 -, R7500v2 -, R7500 -
Vendor URL: NETGEAR

Security Advisory

1) Information disclosure

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the genie_restoring.cgi script served by the router's built-in web server. An adjacent attacker can abuse the vulnerable script to extract files and passwords from the router's filesystem in flash storage, or to pull files from USB sticks plugged into the router.

Remediation

Update to the latest version.

External links

https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Rou...

2) OS command injection

Description

The vulnerability allows a local root-privileged attacker to execute shell commands on the target system.

The weakness exists due to post-authentication command injection. A local attacker can use the device_name parameter on the lan.cgi page to inject and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to the latest version.

External links

https://kb.netgear.com/000045850/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2017-1207

3) Authentication bypass

Description

The vulnerability allows a local attacker to bypass authentication on the target system.

The weakness exists due to improper privileges and access controls. A local attacker can bypass authentication if "&genie=1" is found within the query string.

Remediation

Update to the latest version.

External links

https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Mode...

4) OS command injection

Description

The vulnerability allows a local attacker to execute shell commands on the target system.

The weakness exists due to command injection. A local attacker can use the device_name parameter on the lan.cgi page to inject and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to the latest version.

External links

https://kb.netgear.com/000048999/Security-Advisory-for-Command-Injection-on-Some-Routers-and-Modem-R...
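
A defender-side check for the request patterns named in items 1, 3 and 4, as an added example that is not part of the original advisory or NETGEAR's code: it flags logged request lines that fetch genie_restoring.cgi, carry genie=1 in the query string, or pass a device_name to lan.cgi that falls outside a hostname-style allowlist. The log format, the sample lines, the allowlist and the assumption that device_name is visible in the URL are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request lines, as a proxy or IDS in front of the
# router's management interface might record them (assumed format).
SAMPLE_REQUESTS = [
    "GET /index.htm HTTP/1.1",
    "GET /genie_restoring.cgi HTTP/1.1",
    "GET /status.htm?x=1&genie=1 HTTP/1.1",
    "POST /lan.cgi?device_name=office-router HTTP/1.1",
    "POST /lan.cgi?device_name=bad%3Bvalue HTTP/1.1",
]

# Assumption: a legitimate device name looks like a DNS label.
DEVICE_NAME_OK = re.compile(r"[A-Za-z0-9-]{1,63}")


def classify(request_line):
    """Return the list of advisory-related findings for one request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return []  # malformed line, nothing to inspect
    url = urlsplit(parts[1])
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    if script == "genie_restoring.cgi":
        findings.append("genie_restoring.cgi requested")
    # The advisory describes a match anywhere in the query string, so the
    # raw query is searched rather than a parsed parameter.
    if "genie=1" in url.query:
        findings.append("genie=1 in query string")
    if script == "lan.cgi":
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl percent-decodes, so encoded metacharacters are seen.
            if key == "device_name" and not DEVICE_NAME_OK.fullmatch(value):
                findings.append("device_name outside allowlist")
    return findings


def scan(lines):
    """Map each suspicious request line to its findings."""
    return {line: hits for line in lines if (hits := classify(line))}


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(f"{line!r}: {', '.join(hits)}")
```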

5) OS command injection

Description

The vulnerability allows a local root-privileged attacker to execute shell commands on the target system.

The weakness exists due to post-authentication command injection. A local attacker can inject and execute arbitrary commands with root privileges during the short time window when WPS is activated.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to the latest version.

External links

https://kb.netgear.com/000049354/Security-Advisory-for-Command-Injection-Vulnerability-on-D7000-EX6200v2-and-Some-Routers-PSV-2017-2181
