#VU61588 Information disclosure in Hardware solutions


Published: 2022-03-24

Vulnerability identifier: #VU61588

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27647

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
CAX80
Hardware solutions / Routers & switches, VoIP, GSM, etc
LAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc
MR80
Hardware solutions / Routers & switches, VoIP, GSM, etc
MS80
Hardware solutions / Routers & switches, VoIP, GSM, etc
R6700v3
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX15
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX20
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX35v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX38v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX40v2
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX42
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX43
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX45
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX48
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX50
Hardware solutions / Routers & switches, VoIP, GSM, etc
RAX50S
Hardware solutions / Routers & switches, VoIP, GSM, etc
R7100LG
Hardware solutions / Routers for home users
R6400
Hardware solutions / Routers for home users
R6400v2
Hardware solutions / Routers for home users
R6900P
Hardware solutions / Routers for home users
R7000
Hardware solutions / Routers for home users
R7000P
Hardware solutions / Routers for home users
R8500
Hardware solutions / Routers for home users
RS400
Hardware solutions / Routers for home users

Vendor:

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker with access to the local network or WiFi can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in NETGEAR Products