Multiple vulnerabilities in NETGEAR Routers



Published: 2018-02-09
Risk: Low
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: N/A
CWE-ID: CWE-200, CWE-78, CWE-264
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
D8500
Hardware solutions / Routers for home users

WNDR4500v2
Hardware solutions / Routers for home users

R7000P
Hardware solutions / Routers for home users

R6400v2
Hardware solutions / Routers for home users

R6300v2
Hardware solutions / Routers for home users

DGN2200v4
Hardware solutions / Routers for home users

R6400
Hardware solutions / Routers for home users

R6700
Hardware solutions / Routers for home users

R7000
Hardware solutions / Routers for home users

R6100
Hardware solutions / Routers for home users

R8300
Hardware solutions / Routers for home users

R8500
Hardware solutions / Routers for home users

D6220
Hardware solutions / Routers for home users

R6900P
Hardware solutions / Routers for home users

R6250
Hardware solutions / Routers for home users

D6400
Hardware solutions / Routers for home users

R6900
Hardware solutions / Routers for home users

R7100LG
Hardware solutions / Routers for home users

R7300DST
Hardware solutions / Routers for home users

R7900
Hardware solutions / Routers for home users

R8000
Hardware solutions / Routers for home users

D7800
Hardware solutions / Routers for home users

EX6200v2
Hardware solutions / Routers for home users

R7800
Hardware solutions / Routers for home users

R7500v2
Hardware solutions / Routers for home users

R7500
Hardware solutions / Routers for home users

Vendor NETGEAR

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU10433

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the genie_restoring.cgi script, provided by the box's built-in web server. An adjacent attacker can abuse the vulnerable script and extract files and passwords from its filesystem in flash storage or pull files from USB sticks plugged into the router.

Mitigation

Update to the latest version.

Vulnerable software versions

D8500: All versions

WNDR4500v2: All versions

R7000P: All versions

R6400v2: All versions

R6300v2: All versions

DGN2200v4: All versions

R6400: All versions

R6700: All versions

: All versions

R7000: All versions

: All versions

: All versions

: All versions

: All versions

: All versions

: All versions

: All versions

External links

http://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Rou...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS command injection

EUVDB-ID: #VU10434

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local root-privileged attacker to execute shell commands on the target system.

The weakness exists due to post-authentication command injection. A local attacker can use the device_name parameter on the lan.cgi page to inject and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

D8500: All versions

R6100: All versions

R6400v2: All versions

R6400: All versions

R8300: All versions

R8500: All versions

External links

http://kb.netgear.com/000045850/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2017-1207


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication bypass

EUVDB-ID: #VU10436

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authentication on the target system.

The weakness exists due to improper privileges and access controls. A local attacker can bypass authentication if "&genie=1" is found within the query string.

Mitigation

Update to the latest version.

Vulnerable software versions

D6220: All versions

: All versions

: All versions

R6400: All versions

R6400v2: All versions

: All versions

: All versions

R7000P: All versions

R7000: All versions

: All versions

: All versions

: All versions

: All versions

: All versions

: All versions

R6900P: All versions

R6250: All versions

External links

http://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Mode...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) OS command injection

EUVDB-ID: #VU10438

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local attacker to execute shell commands on the target system.

The weakness exists due to command injection. A local attacker can use the device_name parameter on the lan.cgi page to inject and execute arbitrary commands with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.
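
To review web or proxy logs for the request patterns this bulletin names (genie_restoring.cgi in item 1, "&genie=1" in item 3, and the device_name parameter on lan.cgi in items 2 and 4), the following added example can be used; it is not code from NETGEAR or from this bulletin. The log format, the sample lines and the device-name allowlist are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Common Log Format lines from a proxy or mirror in front of the router UI.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" \d{3}')
# Assumption: a legitimate device name uses only hostname-like characters.
SAFE_DEVICE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,62}")

def classify(uri):
    """Return the bulletin items a request URI matches (empty list if none)."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    if script == "genie_restoring.cgi":
        findings.append("item 1: genie_restoring.cgi requested")
    if ("genie", "1") in params:
        findings.append("item 3: genie=1 in query string")
    if script == "lan.cgi":
        for key, value in params:
            if key == "device_name" and not SAFE_DEVICE_NAME.fullmatch(value):
                findings.append("items 2/4: device_name outside allowlist")
    return findings

def scan(lines):
    """Return (line number, source address, findings) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.match(line)
        if match:
            findings = classify(match["uri"])
            if findings:
                hits.append((number, match["src"], findings))
    return hits

# Constructed sample log lines; addresses, page names and values are illustrative.
SAMPLE = [
    '192.168.1.23 - - [09/Feb/2018:10:00:01 +0000] "GET /index.htm HTTP/1.1" 200 512',
    '192.168.1.40 - - [09/Feb/2018:10:00:05 +0000] "GET /genie_restoring.cgi HTTP/1.1" 200 2048',
    '192.168.1.40 - - [09/Feb/2018:10:00:09 +0000] "GET /status.htm?x=1&genie=1 HTTP/1.1" 200 900',
    '192.168.1.40 - - [09/Feb/2018:10:00:12 +0000] "POST /lan.cgi?device_name=router%3Bx HTTP/1.1" 200 100',
    '192.168.1.23 - - [09/Feb/2018:10:00:20 +0000] "POST /lan.cgi?device_name=LivingRoom-R7000 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Access logs record only the request line, so parameters sent in a POST body are not covered by this check.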

Vulnerable software versions

D6220: All versions

D8500: All versions

D6400: All versions

R6250: All versions

R6400: All versions

R6400v2: All versions

R6700: All versions

R6900P: All versions

R6900: All versions

R7000P: All versions

R7000: All versions

R7100LG: All versions

R7300DST: All versions

R7900: All versions

R8000: All versions

R8300: All versions

R8500: All versions

External links

http://kb.netgear.com/000048999/Security-Advisory-for-Command-Injection-on-Some-Routers-and-Modem-R...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) OS command injection

EUVDB-ID: #VU10440

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local root-privileged attacker to execute shell commands on the target system.

The weakness exists due to post-authentication command injection. A local attacker can inject and execute arbitrary commands with root privileges during the short time window when WPS is activated.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to the latest version.

Vulnerable software versions

R6100: All versions

D7800: All versions

EX6200v2: All versions

R7800: All versions

R7500v2: All versions

R7500: All versions

External links

http://kb.netgear.com/000049354/Security-Advisory-for-Command-Injection-Vulnerability-on-D7000-EX6200v2-and-Some-Routers-PSV-2017-2181


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


