الوصف:

أصدرت NETGEAR عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية، أبرزها:

• CBR40, running firmware versions prior to 2.5.0.24
• EAX20, running firmware versions prior to 1.0.0.48
• EAX80, running firmware versions prior to 1.0.1.64
• EX7500, running firmware versions prior to 1.0.0.72
• R6400, running firmware versions prior to 1.0.1.68
• R6900P, running firmware versions prior to 1.3.2.132
• R7000, running firmware versions prior to 1.0.11.116
• R7000P, running firmware versions prior to 1.3.2.132
• R7900, running firmware versions prior to 1.0.4.38
• R7960P, running firmware versions prior to 1.4.1.66
• R8000, running firmware versions prior to 1.0.4.66
• RAX200, running firmware versions prior to 1.0.3.106
• RS400, running firmware versions prior to 1.5.1.80
• XR300, running firmware versions prior to 1.0.3.68
• MR60, running firmware versions prior to 1.0.6.110
• R6400v2, running firmware versions prior to 1.0.4.106
• R8000P, running firmware versions prior to 1.4.1.66
• RAX20, running firmware versions prior to 1.0.2.64
• RAX45, running firmware versions prior to 1.0.2.82
• RAX80, running firmware versions prior to 1.0.3.106
• MS60, running firmware versions prior to 1.0.6.110
• R6700v3, running firmware versions prior to 1.0.4.106
• R7900P, running firmware versions prior to 1.4.1.66
• RAX15, running firmware versions prior to 1.0.2.64
• RAX50, running firmware versions prior to 1.0.2.82
• RAX75, running firmware versions prior to 1.0.3.106
• RBR750, running firmware versions prior to 3.2.16.22
• RBR850, running firmware versions prior to 3.2.16.22
• RBS750, running firmware versions prior to 3.2.16.22
• RBS850, running firmware versions prior to 3.2.16.22
• RBK752, running firmware versions prior to 3.2.16.22
• RBK852, running firmware versions prior to 3.2.16.22
• R7000, running firmware versions prior to 1.0.11.110
• R7900, running firmware versions prior to 1.0.4.30
• R8000, running firmware versions prior to 1.0.4.62
• RS400, running firmware versions prior to 1.5.1.80
• R6400v2, running firmware versions prior to 1.0.4.102
• R7000P, running firmware versions prior to 1.3.2.126
• R6700v3, running firmware versions prior to 1.0.4.102
• R6900P, running firmware versions prior to 1.3.2.126
• EX6120, running firmware versions prior to 1.0.0.66
• EX6130, running firmware versions prior to 1.0.0.46
• EX7000, running firmware versions prior to 1.0.1.106
• EX7500, running firmware versions prior to 1.0.1.76
• EX3700, running firmware versions prior to 1.0.0.94
• EX3800, running firmware versions prior to 1.0.0.94
• RBR850, running firmware versions prior to 4.6.3.9
• RBS850, running firmware versions prior to 4.6.3.9
• RBK852, running firmware versions prior to 4.6.3.9
• RAX200, running firmware versions prior to 1.0.3.106
• RAX80, running firmware versions prior to 1.0.3.106
• RAX75, running firmware versions prior to 1.0.3.106
• RBK752, running firmware versions prior to 3.2.16.6
• RBR750, running firmware versions prior to 3.2.16.6
• RBS750, running firmware versions prior to 3.2.16.6
• RBK852, running firmware versions prior to 3.2.16.6
• RBR850, running firmware versions prior to 3.2.16.6
• RBS850, running firmware versions prior to 3.2.16.6
• R7800, running firmware versions prior to 1.0.2.74
• R9000, running firmware versions prior to 1.0.5.2
• XR500, running firmware versions prior to 2.3.2.66
• EX6000, running firmware versions prior to 1.0.0.38
• EX6120, running firmware versions prior to 1.0.0.48
• EX6130, running firmware versions prior to 1.0.0.30
• R6300v2, running firmware versions prior to 1.0.4.52
• R6400, running firmware versions prior to 1.0.1.52
• R7000, running firmware versions prior to 1.0.11.126
• R7900, running firmware versions prior to 1.0.4.30
• R8000, running firmware versions prior to 1.0.4.52
• R7000P, running firmware versions prior to 1.3.2.124
• R8000P, running firmware versions prior to 1.4.1.50
• RAX80, running firmware versions prior to 1.0.3.88
• R6900P, running firmware versions prior to 1.3.2.124
• R7900P, running firmware versions prior to 1.4.1.50
• RAX75, running firmware versions prior to 1.0.3.88
• R6900P, running firmware versions prior to 1.3.3.140
• R7000P, running firmware versions prior to 1.3.3.140
• R7900P, running firmware versions prior to 1.4.2.84
• R7960P, running firmware versions prior to 1.4.2.84
• R8000P, running firmware versions prior to 1.4.2.84
• RAX75, running firmware versions prior to 1.0.3.106
• RAX80, running firmware versions prior to 1.0.3.106

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• الكشف والإفصاح عن معلومات حساسة
• تجاوز سعة مخزن الذاكرة المؤقت (Buffer overflow)

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرت NETGEAR توضيحًا لذلك، أبرزها:

• https://kb.netgear.com/000064461/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-2021-12-20?article=000064461
• https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-2021-12-20?article=000064459
• https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062?article=000064458
• https://kb.netgear.com/000064457/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0052?article=000064457
• https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293?article=000064453
• https://kb.netgear.com/000064449/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0203?article=000064449
• https://kb.netgear.com/000064446/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-and-Extenders-PSV-2019-0078?article=000064446
• https://kb.netgear.com/000064445/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0027?article=000064445
• https://kb.netgear.com/000064441/Security-Advisory-for-Sensitive-Information-Disclosure-on-RBR50-PSV-2017-3085?article=000064441