Main Vulnerability Database Vulnerabilities #VU67145

Improper Authentication in NETGEAR products - #VU67145

Published: September 9, 2022

Vulnerability identifier: #VU67145

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
RBR20
RBR50
RBS20
RBS50
R6230
R6260
R7000
R8900
R9000
XR300

Software vendor:
NETGEAR

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker with WiFi password or an Ethernet connection to router can bypass authentication process and gain unauthorized access to the system.

Remediation

Install updates from vendor's website.

External links

https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117

Improper Authentication in NETGEAR products - #VU67145

Description

Remediation

External links

Please verify you're human