Information disclosure in NETGEAR Routers

Published: 2023-03-15

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	N/A
CWE-ID	CWE-200
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	D7000 Hardware solutions / Routers & switches, VoIP, GSM, etc JNR1010v2 Hardware solutions / Routers & switches, VoIP, GSM, etc JWNR2010v5 Hardware solutions / Routers & switches, VoIP, GSM, etc PR2000 fixed Hardware solutions / Routers & switches, VoIP, GSM, etc R6020 Hardware solutions / Routers & switches, VoIP, GSM, etc R6050 Hardware solutions / Routers & switches, VoIP, GSM, etc JR6150 Hardware solutions / Routers & switches, VoIP, GSM, etc R6120 Hardware solutions / Routers & switches, VoIP, GSM, etc R6220 Hardware solutions / Routers & switches, VoIP, GSM, etc R6230 Hardware solutions / Routers & switches, VoIP, GSM, etc R6700v3 Hardware solutions / Routers & switches, VoIP, GSM, etc WN3000RP Hardware solutions / Routers & switches, VoIP, GSM, etc WN3000RPv2 Hardware solutions / Routers & switches, VoIP, GSM, etc WN3000RPv3 Hardware solutions / Routers & switches, VoIP, GSM, etc WN3100RPv2 Hardware solutions / Routers & switches, VoIP, GSM, etc WNR1000v4 Hardware solutions / Routers & switches, VoIP, GSM, etc WNR2020 Hardware solutions / Routers & switches, VoIP, GSM, etc WNR2050 Hardware solutions / Routers & switches, VoIP, GSM, etc D7800 Hardware solutions / Routers for home users R6400v2 Hardware solutions / Routers for home users R7000 Hardware solutions / Routers for home users R7000P Hardware solutions / Routers for home users R7100LG Hardware solutions / Routers for home users R7500v2 Hardware solutions / Routers for home users R7800 Hardware solutions / Routers for home users WNR2000v5 Hardware solutions / Routers for home users
Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU73701

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a security misconfiguration issue. A local attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

D7000: before 1.0.1.74

D7800: before 1.0.1.56

JNR1010v2: before 1.1.0.54

JWNR2010v5: before 1.1.0.54

PR2000 fixed: before 1.0.0.30

R6020: before 1.0.0.26

R6050: before 1.0.1.14

JR6150: before 1.0.1.14

R6120: before 1.0.0.36

R6220: before 1.1.0.100

R6230: before 1.1.0.100

R6400v2: before 1.0.4.128

R6700v3: before 1.0.4.128

R7000: before 1.0.11.130

R7000P: before 1.3.3.148

R7100LG: before 1.0.0.42

R7500v2: before 1.0.3.20

R7800: before 1.0.2.60

WN3000RP: before 1.0.0.78

WN3000RPv2: before 1.0.0.78

WN3000RPv3: before 1.0.2.78

WN3100RPv2: before 1.0.0.66

WNR1000v4: before 1.1.0.54

WNR2000v5: before 1.0.0.68

WNR2020: before 1.1.0.62

WNR2050: before 1.1.0.62

Fixed software versions

CPE2.3

cpe:2.3:h:netgear:d7000:*:*:*:*:*:*:*:*

External links

http://kb.netgear.com/000065561/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2017-2454

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?