===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2021.12.1.0800
NETGEAR routers: Multiple vulnerabilities
1st December 2021
===========================================================================
Product: NETGEAR routers
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
OVERVIEW
NETGEAR have released an advisory stating that multiple routers are
vulnerable to post-authentication command injection and sensitive
information disclosure vulnerabilities. [1]
This is making the rounds across various media outlets. [2][3][4]
IMPACT
NETGEAR advise that the following products as vulnerable and
have listed fixed firmware versions.
"DSL Modem Routers
D7800 fixed in firmware version 1.0.1.66
Extenders
EX2700 fixed in firmware version 1.0.1.68
WN3000RPv2 fixed in firmware version 1.0.0.90
WN3000RPv3 fixed in firmware version 1.0.2.100
LTE Modems
LBR1020 fixed in firmware version 2.6.5.20
Orbi WiFi Systems
LBR20 fixed in firmware version 2.6.5.32
Routers
R6700AX fixed in firmware version 1.0.10.110
R7800 fixed in firmware version 1.0.2.86
R8900 fixed in firmware version 1.0.5.38
R9000 fixed in firmware version 1.0.5.38
RAX10 fixed in firmware version 1.0.10.110
RAX120v1 fixed in firmware version 1.2.3.28
RAX120v2 fixed in firmware version 1.2.3.28
RAX70 fixed in firmware version 1.0.10.110
RAX78 fixed in firmware version 1.0.10.110
XR450 fixed in firmware version 2.3.2.130
XR500 fixed in firmware version 2.3.2.130
XR700 fixed in firmware version 1.0.1.46" [1]
MITIGATION
NETGEAR have recommended that all affected devices be updated to the latest available firmware as soon as possible. [1]
Other sources have advised to update the login details for these routers, especially if they have been left at defaults. [2]
REFERENCES
[1] Security Advisory for Post-Authentication Command Injection &
Sensitive Information Disclosure on Multiple Products,
PSV-2021-0169 & PSV-2021-0171
https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
[2] Netgear router flaws exploitable with authentication ... like the
default creds on Netgear's website
https://www.theregister.com/2021/12/03/netgear_router_flaws_patched/
[3] Netgear vulnerabilities could put small business routers at risk
https://www.immersivelabs.com/resources/blog/netgear-vulnerabilities-could-put-small-business-routers-at-risk/
[4] Responsible Disclosure
https://www.techanarchy.net/responsible-disclosure/
- --------------------------END INCLUDED TEXT--------------------
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT