الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تنبيه NETGEAR
3078
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
28 ديسمبر, 2022
● عالي
2022-5405
الكل
أصدرت NETGEAR عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- Insight iOS App fixed in firmware version 6.8.2.5
- Routers and WiFi Systems
- RBK852 fixed in firmware version 3.2.17.12
- RBR850 fixed in firmware version 3.2.17.12
- RBS850 fixed in firmware version 3.2.17.12
- RAX200 fixed in firmware version 1.0.4.120
- RAX75 fixed in firmware version 1.0.4.120
- RAX80 fixed in firmware version 1.0.4.120
- R7960P fixed in firmware version 1.4.4.94
- R8000P fixed in firmware version 1.4.4.94
- EAX20 fixed in firmware version 1.0.0.58
- R6400 fixed in firmware version 1.0.1.70
- R8000 fixed in firmware version 1.0.4.74
- R7850 fixed in firmware version 1.0.4.74
- R7000P fixed in firmware version 1.3.3.140
- R6400v2 fixed in firmware version 1.0.4.118
- XR1000 fixed in firmware version 1.0.0.58
- MK62 fixed in firmware version 1.0.6.116
- MR60 fixed in firmware version 1.0.6.116
- MS60 fixed in firmware version 1.0.6.116
- R7000 fixed in firmware version 1.0.11.126
- RS400 fixed in firmware version 1.5.1.80
- R7900 fixed in firmware version 1.0.4.46
- DGN2200v4 fixed in firmware version 1.0.0.126
- LAX20 fixed in firmware version 1.1.6.34
- RBK752 fixed in firmware version 3.2.17.12
- RBR750 fixed in firmware version 3.2.17.12
- RBS750 fixed in firmware version 3.2.17.12
- MK83 fixed in firmware version 1.1.3.6
- MR80 fixed in firmware version 1.1.3.6
- MS80 fixed in firmware version 1.1.3.6
- RAX45 fixed in firmware version 1.0.3.96
- RAX50 fixed in firmware version 1.0.3.96
- RAX43 fixed in firmware version 1.0.3.96
- RAX40v2 fixed in firmware version 1.0.3.96
- RAX35v2 fixed in firmware version 1.0.3.96
- LAX20 fixed in firmware version 1.1.6.28
- RAX15 fixed in firmware version 1.0.3.96
- RAX20 fixed in firmware version 1.0.3.96
- CBR750 fixed in firmware version 4.6.3.6
- CBR40 fixed in firmware version 2.5.0.24
- R8000P fixed in firmware version 1.4.2.84
- R7960P fixed in firmware version 1.4.2.84
- R7000 fixed in firmware version 1.0.11.116
- EAX80 fixed in firmware version 1.0.1.64
- R8000 fixed in firmware version 1.0.4.68
- R7900 fixed in firmware version 1.0.4.38
- R6400v2 fixed in firmware version 1.0.4.122
- RAX200 fixed in firmware version 1.0.6.138
- RAX75 fixed in firmware version 1.0.6.138
- RAX80 fixed in firmware version 1.0.6.138
- R7000P fixed in firmware version 1.3.3.152
- CAX30 fixed in firmware version 1.4.11.2
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- الكشف والإفصاح غير المصرح به للمعلومات الحساسة
- حقن أوامر خبيثة
- تجاوز سعة مخزن الذاكرة المؤقت
- خلل في عملية المصادقة
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرت NETGEAR توضيحًا لهذه التحديثات:
- https://kb.netgear.com/000065474/Security-Advisory-for-Sensitive-Information-Disclosure-on-Insight-iOS-App-PSV-2022-0094?article=000065474
- https://kb.netgear.com/000065477/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0565?article=000065477
- https://kb.netgear.com/000065479/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0569?article=000065479
- https://kb.netgear.com/000065480/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0568?article=000065480
- https://kb.netgear.com/000065481/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0549?article=000065481
- https://kb.netgear.com/000065482/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0478?article=000065482
- https://kb.netgear.com/000065483/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2020-0333?article=000065483
- https://kb.netgear.com/000065484/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0249?article=000065484
- https://kb.netgear.com/000065485/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0221?article=000065485
- https://kb.netgear.com/000065486/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0194?article=000065486
- https://kb.netgear.com/000065487/Security-Advisory-for-Authentication-Bypass-on-CAX30-PSV-2022-0195?article=000065487
- https://kb.netgear.com/000065488/Security-Advisory-for-Post-Authentication-Command-Injection-on-CAX30-PSV-2022-0194?article=000065488
قيم المحتوى
شارك الصفحة
