Information disclosure in NETGEAR Routers and WiFi Systems

1) Information disclosure

EUVDB-ID: #VU73742

Risk: Low

CVSSv3.1:

CVE-ID: N/A

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a security misconfiguration issue. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CBR750: before 4.6.14.4

LAX20: before 1.1.6.34

MK62: before 1.1.6.124

MR60: before 1.1.6.124

MS60: before 1.1.6.124

MK72: before 1.0.2.26

MR70: before 1.0.2.26

MS70: before 1.0.2.26

MK82: before 1.1.6.14

MR80: before 1.1.6.14

MS80: before 1.1.6.14

NBR750: before 4.6.5.11

RAX35v2: before 1.0.10.110

RAX38v2: before 1.0.10.110

RAX40v2: before 1.0.10.110

RAX42: before 1.0.10.110

RAX43: before 1.0.10.110

RAX45: before 1.0.10.110

RAX48: before 1.0.10.110

RAX50: before 1.0.10.110

RAX50S: before 1.0.10.110

RAXE450: before 1.0.9.78

RAXE500: before 1.0.9.78

RBK752: before 4.6.14.3

RBR750: before 4.6.14.3

RBS750: before 4.6.14.3

RBK842: before 4.6.14.3

RBR840: before 4.6.14.3

RBS840: before 4.6.14.3

RBK852: before 4.6.14.3

RBR850: before 4.6.14.3

RBS850: before 4.6.14.3

RBKE962: before 6.0.3.85

RBRE960: before 6.0.3.85

RBSE960: before 6.0.3.85

XR1000: before 1.0.0.64

Fixed software versions

CPE2.3

• cpe:2.3:h:netgear:cbr750:*:*:*:*:*:*:*:*

External links

http://kb.netgear.com/000065575/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-WiFi-Systems-PSV-2021-0196

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?