Multiple vulnerabilities were identified in Netgear products. A remote attacker could exploit these vulnerabilities to trigger remote code execution, a denial-of-service condition and information disclosure on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
- Information Disclosure
System / Technologies affected
- D7800 firmware versions prior to 1.0.1.66
- EX2700 firmware versions prior to 1.0.1.68
- WN3000RPv2 firmware versions prior to 1.0.0.90
- WN3000RPv3 firmware versions prior to 1.0.2.100
- LBR1020 firmware versions prior to 2.6.5.20
- LBR20 firmware versions prior to 2.6.5.32
- R6700AX firmware versions prior to 1.0.10.110
- R7800 firmware versions prior to 1.0.2.86
- R8900 firmware versions prior to 1.0.5.38
- R9000 firmware versions prior to 1.0.5.38
- RAX10 firmware versions prior to 1.0.10.110
- RAX120v1 firmware versions prior to 1.2.3.28
- RAX120v2 firmware versions prior to 1.2.3.28
- RAX70 firmware versions prior to 1.0.10.110
- RAX78 firmware versions prior to 1.0.10.110
- XR450 firmware versions prior to 2.3.2.130
- XR500 firmware versions prior to 2.3.2.130
- XR700 firmware versions prior to 1.0.1.46
- AC2100 firmware version prior to 1.2.0.88
- AC2400 firmware version prior to 1.2.0.88
- AC2600 firmware version prior to 1.2.0.88
- D7000 firmware version prior to 1.0.1.82
- R6220 firmware version prior to 1.1.0.110
- R6230 firmware version prior to 1.1.0.110
- R6260 firmware version prior to 1.1.0.84
- R6330 firmware version prior to 1.1.0.84
- R6350 firmware version prior to 1.1.0.84
- R6700v2 firmware version prior to 1.2.0.88
- R6800 firmware version prior to 1.2.0.88
- R6850 firmware version prior to 1.1.0.84
- R6900v2 firmware version prior to 1.2.0.88
- R7200 firmware version prior to 1.2.0.88
- R7350 firmware version prior to 1.2.0.88
- R7400 firmware version prior to 1.2.0.88
- R7450 firmware version prior to 1.2.0.88
- RAX35 firmware version prior to 1.0.4.102
- RAX38 firmware version prior to 1.0.4.102
- RAX40 firmware version prior to 1.0.4.102
Solutions
Before installation of the software, please visit the vendor's website for more details.
- Apply fixes issued by the vendor:
  - Upgrade D7800 firmware versions to 1.0.1.66
  - Upgrade EX2700 firmware versions to 1.0.1.68
  - Upgrade WN3000RPv2 firmware versions to 1.0.0.90
  - Upgrade WN3000RPv3 firmware versions to 1.0.2.100
  - Upgrade LBR1020 firmware versions to 2.6.5.20
  - Upgrade LBR20 firmware versions to 2.6.5.32
  - Upgrade R6700AX firmware versions to 1.0.10.110
  - Upgrade R7800 firmware versions to 1.0.2.86
  - Upgrade R8900 firmware versions to 1.0.5.38
  - Upgrade R9000 firmware versions to 1.0.5.38
  - Upgrade RAX10 firmware versions to 1.0.10.110
  - Upgrade RAX120v1 firmware versions to 1.2.3.28
  - Upgrade RAX120v2 firmware versions to 1.2.3.28
  - Upgrade RAX70 firmware versions to 1.0.10.110
  - Upgrade RAX78 firmware versions to 1.0.10.110
  - Upgrade XR450 firmware versions to 2.3.2.130
  - Upgrade XR500 firmware versions to 2.3.2.130
  - Upgrade XR700 firmware versions to 1.0.1.46
  - Upgrade AC2100 firmware version to 1.2.0.88
  - Upgrade AC2400 firmware version to 1.2.0.88
  - Upgrade AC2600 firmware version to 1.2.0.88
  - Upgrade D7000 firmware version to 1.0.1.82
  - Upgrade R6220 firmware version to 1.1.0.110
  - Upgrade R6230 firmware version to 1.1.0.110
  - Upgrade R6260 firmware version to 1.1.0.84
  - Upgrade R6330 firmware version to 1.1.0.84
  - Upgrade R6350 firmware version to 1.1.0.84
  - Upgrade R6700v2 firmware version to 1.2.0.88
  - Upgrade R6800 firmware version to 1.2.0.88
  - Upgrade R6850 firmware version to 1.1.0.84
  - Upgrade R6900v2 firmware version to 1.2.0.88
  - Upgrade R7200 firmware version to 1.2.0.88
  - Upgrade R7350 firmware version to 1.2.0.88
  - Upgrade R7400 firmware version to 1.2.0.88
  - Upgrade R7450 firmware version to 1.2.0.88
  - Upgrade RAX35 firmware version to 1.0.4.102
  - Upgrade RAX38 firmware version to 1.0.4.102
  - Upgrade RAX40 firmware version to 1.0.4.102
- https://kb.netgear.com/000064407/Security-Advisory-for-Post-Authentication-Command-Injection-Sensitive-Information-Disclosure-on-Multiple-Products-PSV-2021-0169-PSV-2021-0171
- https://kb.netgear.com/000064406/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-DSL-Modem-Routers-PSV-2021-0172?article=000064406
- https://kb.netgear.com/000064405/Security-Advisory-for-Denial-of-Service-on-Some-Routers-PSV-2021-0268?article=000064405