Command Injection in NETGEAR Router and Extenders



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-77
Exploitation vector Local network
Public exploit N/A
Vulnerable software
CBR750
Hardware solutions / Routers & switches, VoIP, GSM, etc

EAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

EAX80
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3700
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX3800
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX6120
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX6130
Hardware solutions / Routers & switches, VoIP, GSM, etc

EX7000
Hardware solutions / Routers & switches, VoIP, GSM, etc

LAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

MK62
Hardware solutions / Routers & switches, VoIP, GSM, etc

MR60
Hardware solutions / Routers & switches, VoIP, GSM, etc

MS60
Hardware solutions / Routers & switches, VoIP, GSM, etc

MK83
Hardware solutions / Routers & switches, VoIP, GSM, etc

MR80
Hardware solutions / Routers & switches, VoIP, GSM, etc

MS80
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBW30
Hardware solutions / Routers & switches, VoIP, GSM, etc

R8000P
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX15
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX200
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX45
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX50
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX43
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX40v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX38v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX35v2
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX75
Hardware solutions / Routers & switches, VoIP, GSM, etc

RAX80
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBK752
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBR750
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBS750
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBK852
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBR850
Hardware solutions / Routers & switches, VoIP, GSM, etc

RBS850
Hardware solutions / Routers & switches, VoIP, GSM, etc

R6400
Hardware solutions / Routers for home users

R6400v2
Hardware solutions / Routers for home users

R7000
Hardware solutions / Routers for home users

R7000P
Hardware solutions / Routers for home users

RS400
Hardware solutions / Routers for home users

XR1000
Hardware solutions / Routers for home users

Vendor NETGEAR

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Command Injection

EUVDB-ID: #VU73748

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker on the local network can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CBR750: All versions

EAX20: All versions

EAX80: All versions

EX3700: All versions

EX3800: All versions

EX6120: All versions

EX6130: All versions

EX7000: All versions

LAX20: All versions

MK62: All versions

MR60: All versions

MS60: All versions

MK83: All versions

MR80: All versions

MS80: All versions

RBW30: All versions

R6400: All versions

R6400v2: All versions

R7000: All versions

R7000P: All versions

R8000P: All versions

RAX15: All versions

RAX20: All versions

RAX200: All versions

RAX45: All versions

RAX50: All versions

RAX43: All versions

RAX40v2: All versions

RAX38v2: All versions

RAX35v2: All versions

RAX75: All versions

RAX80: All versions

RBK752: All versions

RBR750: All versions

RBS750: All versions

RBK852: All versions

RBR850: All versions

RBS850: All versions

RS400: All versions

XR1000: All versions

CPE2.3 External links

https://kb.netgear.com/000065572/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-and-Extenders-PSV-2021-0076


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###