#VU74012 Hidden functionality in NETGEAR products - CVE-2022-38452

Cybersecurity Help s.r.o.

Published: 2023-03-24

Vulnerability identifier: #VU74012

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-38452

CWE-ID: CWE-912

Exploitation vector: Network

Exploit availability: No

Vendor: NETGEAR

Description

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software within the hidden telnet service functionality. A remote administrator can use this functionality to gain full access to the application and execute arbitrary commands on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RBR750: before 4.6.14.3

RBR840: before 4.6.14.3

RBR850: before 4.6.14.3

RBR860: before 7.2.4.5

RBRE950: before 6.3.7.10

RBRE960: before 6.3.7.10

RBS750: before 4.6.14.3

RBS840: before 4.6.14.3

RBS850: before 4.6.14.3

RBS860: before 7.2.4.5

RBSE950: before 6.3.7.10

RBSE960: before 6.3.7.10

External links
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595
https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Hidden functionality in NETGEAR Orbi WiFi Systems