Main Vulnerability Database Vulnerabilities #VU64816

#VU64816 Permissions, Privileges, and Access Controls in NETGEAR products

Published: June 30, 2022

Vulnerability identifier: #VU64816

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
RAX120
R7800
RAX120v2
RBK50
LBR20

Software vendor:
NETGEAR

Description

The vulnerability allows a remote administrator on the local network to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://kb.netgear.com/000065041/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-and-WiFi-Systems-PSV-2021-0103