Information disclosure in NETGEAR Routers



Published: 2023-03-15
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
D7000
Hardware solutions / Routers & switches, VoIP, GSM, etc

JNR1010v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

JWNR2010v5
Hardware solutions / Routers & switches, VoIP, GSM, etc

PR2000 fixed
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6020
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6050
Hardware solutions / Routers & switches, VoIP, GSM, etc

JR6150
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6120
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6220
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6230
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6700v3
Hardware solutions / Routers & switches, VoIP, GSM, etc

WN3000RP
Hardware solutions / Routers & switches, VoIP, GSM, etc

WN3000RPv2
Hardware solutions / Routers & switches, VoIP, GSM, etc

WN3000RPv3
Hardware solutions / Routers & switches, VoIP, GSM, etc

WN3100RPv2
Hardware solutions / Routers & switches, VoIP, GSM, etc

WNR1000v4
Hardware solutions / Routers & switches, VoIP, GSM, etc

WNR2020
Hardware solutions / Routers & switches, VoIP, GSM, etc

WNR2050
Hardware solutions / Routers & switches, VoIP, GSM, etc

D7800
Hardware solutions / Routers for home users

R6400v2
Hardware solutions / Routers for home users

R7000
Hardware solutions / Routers for home users

R7000P
Hardware solutions / Routers for home users

R7100LG
Hardware solutions / Routers for home users

R7500v2
Hardware solutions / Routers for home users

R7800
Hardware solutions / Routers for home users

WNR2000v5
Hardware solutions / Routers for home users

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU73701

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a security misconfiguration issue. A local attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

D7000: before 1.0.1.74

D7800: before 1.0.1.56

JNR1010v2: before 1.1.0.54

JWNR2010v5: before 1.1.0.54

PR2000 fixed: before 1.0.0.30

R6020: before 1.0.0.26

R6050: before 1.0.1.14

JR6150: before 1.0.1.14

R6120: before 1.0.0.36

R6220: before 1.1.0.100

R6230: before 1.1.0.100

R6400v2: before 1.0.4.128

R6700v3: before 1.0.4.128

R7000: before 1.0.11.130

R7000P: before 1.3.3.148

R7100LG: before 1.0.0.42

R7500v2: before 1.0.3.20

R7800: before 1.0.2.60

WN3000RP: before 1.0.0.78

WN3000RPv2: before 1.0.0.78

WN3000RPv3: before 1.0.2.78

WN3100RPv2: before 1.0.0.66

WNR1000v4: before 1.1.0.54

WNR2000v5: before 1.0.0.68

WNR2020: before 1.1.0.62

WNR2050: before 1.1.0.62

External links

http://kb.netgear.com/000065561/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-2454


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


