#VU70577 OS Command Injection in NETGEAR products

Cybersecurity Help s.r.o.

Published: 2023-01-02

Vulnerability identifier: #VU70577

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vendor: NETGEAR

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the device.

The vulnerability exists due to improper input validation. A remote authenticated user can send specially crafted data to the application and execute arbitrary OS commands on the device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RBK852: before 3.2.17.12

RBR850: before 3.2.17.12

RBS850: before 3.2.17.12

RBK752: before 3.2.17.12

RBR750: before 3.2.17.12

RBS750: before 3.2.17.12

RAX200: before 1.0.4.120

RAX75: before 1.0.4.120

RAX80: before 1.0.4.120

MK83: before 1.1.3.6

MR80: before 1.1.3.6

MS80: before 1.1.3.6

RAX45: before 1.0.3.96

RAX50: before 1.0.3.96

RAX43: before 1.0.3.96

RAX40v2: before 1.0.3.96

RAX35v2: before 1.0.3.96

R7000P: before 1.3.3.140

LAX20: before 1.1.6.28

RAX15: before 1.0.3.96

RAX20: before 1.0.3.96

XR1000: before 1.0.0.58

MK62: before 1.0.6.116

MR60: before 1.0.6.116

MS60: before 1.0.6.116

CBR750: before 4.6.3.6

CBR40: before 2.5.0.24

RS400: before 1.5.1.80

R8000P: before 1.4.2.84

R7960P: before 1.4.2.84

External links
https://kb.netgear.com/000065482/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0478

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authenticated command executioin in several NETGEAR routers