Command Injection in NETGEAR Router and Extenders



Published: 2023-03-16
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-77
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		CBR750
Hardware solutions / Routers & switches, VoIP, GSM, etc

EAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

EAX80
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3700
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3800
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX6120
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX6130
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX7000
Hardware solutions / Routers & switches, VoIP, GSM, etc

LAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

MK62
Hardware solutions / Routers & switches, VoIP, GSM, etc

MR60
Hardware solutions / Routers & switches, VoIP, GSM, etc

MS60
Hardware solutions / Routers & switches, VoIP, GSM, etc

MK83
Hardware solutions / Routers & switches, VoIP, GSM, etc

MR80
Hardware solutions / Routers & switches, VoIP, GSM, etc

MS80
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBW30
Hardware solutions / Routers & switches, VoIP, GSM, etc

R8000P
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX15
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX200
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX45
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX50
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX43
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX40v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX38v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX35v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX75
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX80
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBK752
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBR750
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBS750
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBK852
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBR850
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBS850
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6400
Hardware solutions / Routers for home users

R6400v2
Hardware solutions / Routers for home users

R7000
Hardware solutions / Routers for home users

R7000P
Hardware solutions / Routers for home users

RS400
Hardware solutions / Routers for home users

XR1000
Hardware solutions / Routers for home users

Vendor

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Command Injection

EUVDB-ID: #VU73748

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CBR750: before 4.6.14.4

EAX20: before 1.0.1.62

EAX80: before 1.0.1.70

EX3700: before 1.0.0.94

EX3800: before 1.0.0.94

EX6120: before 1.0.0.64

EX6130: before 1.0.0.44

EX7000: before 1.0.1.106

LAX20: before 1.1.6.28

MK62: before 1.1.6.122

MR60: before 1.1.6.122

MS60: before 1.1.6.122

MK83: before 1.1.6.14

MR80: before 1.1.6.14

MS80: before 1.1.6.14

RBW30: before 2.6.2.6

R6400: before 1.0.1.74

R6400v2: before 1.0.4.118

R7000: before 1.0.11.126

R7000P: before 1.3.3.140

R8000P: before 1.4.2.84

RAX15: before 1.0.3.96

RAX20: before 1.0.3.96

RAX200: before 1.0.5.126

RAX45: before 1.0.3.96

RAX50: before 1.0.3.96

RAX43: before 1.0.3.96

RAX40v2: before 1.0.3.96

RAX38v2: before 1.0.3.96

RAX35v2: before 1.0.3.96

RAX75: before 1.0.5.126

RAX80: before 1.0.5.126

RBK752: before 4.6.7.13

RBR750: before 4.6.7.13

RBS750: before 4.6.7.13

RBK852: before 4.6.7.13

RBR850: before 4.6.7.13

RBS850: before 4.6.7.13

RS400: before 1.5.1.80

XR1000: before 1.0.0.64

External links

http://kb.netgear.com/000065572/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-and-Extenders-PSV-2021-0076


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###