NETGEAR Updates
Warning date: 22 December 2021
Severity level: High
Warning number: 2021-4116
Target sector: All
Description:
NETGEAR has released several updates to address a number of vulnerabilities in the following products:
- D7800 versions prior to 1.0.1.60
- DM200 versions prior to 1.0.0.66
- EX2700 versions prior to 1.0.1.56
- EX6150v2 versions prior to 1.0.1.86
- EX6200v2 versions prior to 1.0.1.86
- EX6250 versions prior to 1.0.0.128
- EX6400 versions prior to 1.0.2.144
- EX6400v2 versions prior to 1.0.0.128
- EX6410 versions prior to 1.0.0.128
- EX6420 versions prior to 1.0.0.128
- EX7300 versions prior to 1.0.2.144
- EX7300v2 versions prior to 1.0.0.128
- EX7320 versions prior to 1.0.0.128
- R7500v2 versions prior to 1.0.3.46
- R7800 versions prior to 1.0.2.74
- R8900 versions prior to 1.0.5.26
- R9000 versions prior to 1.0.5.2
- RAX120 versions prior to 1.0.1.128
- WN3000RPv2 versions prior to 1.0.0.78
- WN3000RPv3 versions prior to 1.0.2.80
- WNR2000v5 versions prior to 1.0.0.74
- XR500 versions prior to 2.3.2.66
- RBK20 versions prior to 2.7.3.22
- RBR20 versions prior to 2.7.3.22
- RBS20 versions prior to 2.7.3.22
- RBK40 versions prior to 2.7.3.22
- RBR40 versions prior to 2.7.3.22
- RBS40 versions prior to 2.7.3.22
- RAX35 versions prior to 1.0.4.102
- RAX38 versions prior to 1.0.4.102
- RAX40 versions prior to 1.0.4.102
- R8000 versions prior to 1.0.4.76
- R7000 versions prior to 1.0.11.110
- R7900 versions prior to 1.0.4.30
- R8000 versions prior to 1.0.4.62
- RAX200 versions prior to 1.0.3.106
- R7000P versions prior to 1.3.3.140
- RAX80 versions prior to 1.0.3.106
- R6900P versions prior to 1.3.3.140
- RAX75 versions prior to 1.0.3.106
- RBK752 versions prior to 3.2.16.6
- RBR750 versions prior to 3.2.16.6
- RBS750 versions prior to 3.2.16.6
- RBK852 versions prior to 3.2.16.6
- RBR850 versions prior to 3.2.16.6
- RBS850 versions prior to 3.2.16.6
- EX6120 versions prior to 1.0.0.66
- EX6130 versions prior to 1.0.0.46
- EX7000 versions prior to 1.0.1.106
- EX7500 versions prior to 1.0.1.76
- EX3700 versions prior to 1.0.0.94
- EX3800 versions prior to 1.0.0.94
- RBR850 versions prior to 4.6.3.9
- RBS850 versions prior to 4.6.3.9
- RBK852 versions prior to 4.6.3.9
- RS400 versions prior to 1.5.1.80
- R6400v2 versions prior to 1.0.4.102
- R7000P versions prior to 1.3.2.126
- R6700v3 versions prior to 1.0.4.102
- R6900P versions prior to 1.3.2.126
- CBR40 versions prior to 2.5.0.10
- EAX20 versions prior to 1.0.0.32
- EAX80 versions prior to 1.0.1.62
- EX6120 versions prior to 1.0.0.64
- EX6130 versions prior to 1.0.0.44
- EX7000 versions prior to 1.0.1.104
- EX7500 versions prior to 1.0.0.72
- R7960P versions prior to 1.4.1.66
- RAX200 versions prior to 1.0.2.102
- XR300 versions prior to 1.0.3.50
- EX3700 versions prior to 1.0.0.90
- MR60 versions prior to 1.0.5.102
- R8000P versions prior to 1.4.1.66
- RAX20 versions prior to 1.0.1.64
- RAX50 versions prior to 1.0.2.28
- RAX80 versions prior to 1.0.3.102
- EX3800 versions prior to 1.0.0.90
- MS60 versions prior to 1.0.5.102
- R7900P versions prior to 1.4.1.66
- RAX15 versions prior to 1.0.1.64
- RAX45 versions prior to 1.0.2.28
- RAX75 versions prior to 1.0.3.102
- CBR40 versions prior to 2.5.0.24
- EAX20 versions prior to 1.0.0.48
- EAX80 versions prior to 1.0.1.64
- R6400 versions prior to 1.0.1.68
- R6900P versions prior to 1.3.2.132
- R7000 versions prior to 1.0.11.116
- R7000P versions prior to 1.3.2.132
- R7900 versions prior to 1.0.4.38
- R8000 versions prior to 1.0.4.66
- XR300 versions prior to 1.0.3.68
- MR60 versions prior to 1.0.6.110
- R6400v2 versions prior to 1.0.4.106
- RAX20 versions prior to 1.0.2.64
- RAX45 versions prior to 1.0.2.82
- MS60 versions prior to 1.0.6.110
- R6700v3 versions prior to 1.0.4.106
- RAX15 versions prior to 1.0.2.64
- RAX50 versions prior to 1.0.2.82
- RBR750 versions prior to 3.2.16.22
- RBR850 versions prior to 3.2.16.22
- RBS750 versions prior to 3.2.16.22
- RBS850 versions prior to 3.2.16.22
- RBK752 versions prior to 3.2.16.22
- RBK852 versions prior to 3.2.16.22
- RAX200 versions prior to 1.0.5.126
- RAX20 versions prior to 1.0.2.82
- RAX80 versions prior to 1.0.5.126
- RAX15 versions prior to 1.0.2.82
- RAX75 versions prior to 1.0.5.126
- D7800 fixed in firmware version 1.0.1.68
- R6400v2 fixed in firmware version 1.0.4.122
- R6700v3 fixed in firmware version 1.0.4.122
- RBR50 versions prior to 2.7.2.102
- RBK50 versions prior to 2.7.2.102
- RBS50Y versions prior to 2.7.3.22
- RBR50 versions prior to 2.7.3.22
- RBS50 versions prior to 2.7.3.22
- RBK50 versions prior to 2.7.3.22
- R7900P versions prior to 1.4.2.84
- R7960P versions prior to 1.4.2.84
- R8000 versions prior to 1.0.4.74
- R8000P versions prior to 1.4.2.84
- R7000 versions prior to 1.0.11.126
- R7900 versions prior to 1.0.4.46
- RAX45 versions prior to 1.0.2.66
- RAX50 versions prior to 1.0.2.66
- RAX45 versions prior to 1.0.2.72
- RAX50 versions prior to 1.0.2.72
- R8000 versions prior to 1.0.4.68
- RBS40V versions prior to 2.6.1.4
- RBW30 versions prior to 2.6.1.4
- RAX200 versions prior to 1.0.4.120
- RAX80 versions prior to 1.0.4.120
- RAX75 versions prior to 1.0.4.120
- D8500 versions prior to 1.0.3.58
- R6250 versions prior to 1.0.4.48
- R7100LG versions prior to 1.0.0.64
- R8300 versions prior to 1.0.2.144
- R8500 versions prior to 1.0.2.144
- RBKE963, running firmware versions prior to 6.0.3.68
- RBRE960 versions prior to 6.0.3.68
- RBSE960 versions prior to 6.0.3.68
- RBR750 versions prior to 3.2.17.12
- RBR850 versions prior to 3.2.17.12
- RBS750 versions prior to 3.2.17.12
- RBS850 versions prior to 3.2.17.12
- RBK752 versions prior to 3.2.17.12
- RBK852 versions prior to 3.2.17.12
- D7000v2 versions prior to 1.0.0.66
- R7100LG versions prior to 1.0.0.72
- XR300 versions prior to 1.0.3.56
- D6220 versions prior to 1.0.0.66
- D6400 versions prior to 1.0.0.100
- DC112A versions prior to 1.0.0.52
- DGN2200v4 versions prior to 1.0.0.118
- R7960P versions prior to 1.4.1.64
- R8000P versions prior to 1.4.1.64
- R7900P versions prior to 1.4.1.64
- WNDR3400v3 versions prior to 1.0.1.38
- D7800 versions prior to 1.0.1.64
- EX6250 versions prior to 1.0.0.134
- EX7700 versions prior to 1.0.0.216
- EX8000 versions prior to 1.0.1.232
- LBR20 versions prior to 2.6.3.50
- R7800 versions prior to 1.0.2.80
- R9000 versions prior to 1.0.5.26
- RAX120 versions prior to 1.2.0.16
- RBS50Y versions prior to 1.0.0.56
- WNR2000v5 versions prior to 1.0.0.76
- XR450 versions prior to 2.3.2.114
- XR500 versions prior to 2.3.2.114
- XR700 versions prior to 1.0.1.36
- EX6150v2 versions prior to 1.0.1.98
- EX7300 versions prior to 1.0.2.158
- EX7320 versions prior to 1.0.0.134
- EX6100v2 versions prior to 1.0.1.98
- EX6400 versions prior to 1.0.2.158
- EX7300v2 versions prior to 1.0.0.134
- EX6410 versions prior to 1.0.0.134
- RBR10 versions prior to 2.6.1.44
- RBR20 versions prior to 2.6.2.104
- RBR40 versions prior to 2.6.2.104
- EX6420 versions prior to 1.0.0.134
- RBS10 versions prior to 2.6.1.44
- RBS20 versions prior to 2.6.2.104
- RBS40 versions prior to 2.6.2.104
- RBS50 versions prior to 2.7.2.102
- EX6400v2 versions prior to 1.0.0.134
- RBK12 versions prior to 2.6.1.44
- RBK20 versions prior to 2.6.2.104
- RBK40 versions prior to 2.6.2.104
- EX7700 versions prior to 1.0.0.222
- XR450 versions prior to 2.3.2.66
- RAX120 versions prior to 1.2.2.24
- RAX120v2 versions prior to 1.2.2.24
- RBR10 versions prior to 2.7.3.22
- RBS10 versions prior to 2.7.3.22
- RBK12 versions prior to 2.7.3.22
- LBR1020 versions prior to 2.6.3.58
- RAX10 versions prior to 1.0.2.88
- RAX70 versions prior to 1.0.2.88
- R6700AX versions prior to 1.0.2.88
- RAX120v2 versions prior to 1.2.0.16
- RAX78 versions prior to 1.0.2.88
- RBR350 versions prior to 4.3.4.7
- RBS350 versions prior to 4.3.4.7
- RBK352 versions prior to 4.3.4.7
- D6220 versions prior to 1.0.0.68
- D6400 versions prior to 1.0.0.102
- DC112A versions prior to 1.0.0.54
- EX7000 versions prior to 1.0.1.94
- R6300v2 versions prior to 1.0.4.52
- R6400 versions prior to 1.0.1.70
- R7850 versions prior to 1.0.5.68
- R7960P versions prior to 1.4.1.68
- R8000 versions prior to 1.0.4.52
- RAX200 versions prior to 1.0.2.88
- RBS40V versions prior to 2.6.2.4
- R7000P versions prior to 1.3.2.124
- R8000P versions prior to 1.4.1.68
- R6900P versions prior to 1.3.2.124
- R7900P versions prior to 1.4.1.68
- EX6100v2 versions prior to 1.0.1.106
- EX6150v2 versions prior to 1.0.1.106
- EX6250 versions prior to 1.0.0.146
- EX6400 versions prior to 1.0.2.164
- EX6400v2 versions prior to 1.0.0.146
- EX6410 versions prior to 1.0.0.146
- EX6420 versions prior to 1.0.0.146
- EX7300 versions prior to 1.0.2.164
- EX7300v2 versions prior to 1.0.0.146
- EX7320 versions prior to 1.0.0.146
- LBR1020 versions prior to 2.6.5.16
- LBR20 versions prior to 2.6.5.2
- D7000v2 versions prior to 1.0.0.74
- D8500 versions prior to 1.0.3.60
- DC112A versions prior to 1.0.0.56
- R6300v2 versions prior to 1.0.4.50
- R7100LG versions prior to 1.0.0.70
- RBS40V versions prior to 2.6.2.8
- RBW30 versions prior to 2.6.2.2
- R6400v2 versions prior to 1.0.4.118
- R6700v3 versions prior to 1.0.4.118
- CBR750 versions prior to 4.6.3.6
- EAX20 versions prior to 1.0.0.58
- EAX80 versions prior to 1.0.1.68
- EX7500 versions prior to 1.0.0.74
- LAX20 versions prior to 1.1.6.28
- XR1000 versions prior to 1.0.0.58
- MK62 versions prior to 1.0.6.116
- MR60 versions prior to 1.0.6.116
- RAX20 versions prior to 1.0.3.96
- MS60 versions prior to 1.0.6.116
- RAX15 versions prior to 1.0.3.96
- RAX45 versions prior to 1.0.3.96
- RAX50 versions prior to 1.0.3.96
- RAX43 versions prior to 1.0.3.96
- RAX40v2 versions prior to 1.0.3.96
- RAX35v2 versions prior to 1.0.3.96
Threats:
An attacker could exploit the vulnerabilities to carry out the following:
- Denial-of-service (DoS) attack
- Buffer overflow
- Command injection
- Disclosure of sensitive information
- Cross-site scripting (XSS)
Preventive measures:
The Center recommends updating the affected versions. NETGEAR has published the following advisories for these updates:
- https://kb.netgear.com/000064450/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2019-0207?article=000064450
- https://kb.netgear.com/000064453/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-PSV-2019-0293?article=000064453
- https://kb.netgear.com/000064454/Security-Advisory-for-Post-Authentication-Command-Injection-on-R8000-PSV-2019-0294?article=000064454
- https://kb.netgear.com/000064456/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0003?article=000064456
- https://kb.netgear.com/000064457/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0052?article=000064457
- https://kb.netgear.com/000064458/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0062?article=000064458
- https://kb.netgear.com/000064459/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-2021-12-20?article=000064459
- https://kb.netgear.com/000064460/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-2021-12-20?article=000064460
- https://kb.netgear.com/000064461/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-2021-12-20?article=000064461
- https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161?article=000064462
- https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278?article=000064437
- https://kb.netgear.com/000064473/Security-Advisory-for-Sensitive-Information-Disclosure-on-R7000-PSV-2020-0174?article=000064473
- https://kb.netgear.com/000064474/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0175?article=000064474
- https://kb.netgear.com/000064475/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0183?article=000064475
- https://kb.netgear.com/000064476/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0195?article=000064476
- https://kb.netgear.com/000064477/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0196?article=000064477
- https://kb.netgear.com/000064478/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2020-0210?article=000064478
- https://kb.netgear.com/000064479/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0246?article=000064479
- https://kb.netgear.com/000064480/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0255?article=000064480
- https://kb.netgear.com/000064481/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0256?article=000064481
- https://kb.netgear.com/000064482/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0261?article=000064482
- https://kb.netgear.com/000064483/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0274?article=000064483
- https://kb.netgear.com/000064484/Security-Advisory-for-Denial-of-Service-on-Some-Extenders-and-WiFi-Systems-PSV-2020-0286?article=000064484
- https://kb.netgear.com/000064485/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0298?article=000064485
- https://kb.netgear.com/000064486/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0320?_ga=2.196978223.268246438.1640153877-812726167.1613451245
- https://kb.netgear.com/000064487/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0322?_ga=2.196978223.268246438.1640153877-812726167.1613451245
- https://kb.netgear.com/000064488/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0323?article=000064488
- https://kb.netgear.com/000064489/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0371?article=000064489
- https://kb.netgear.com/000064490/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0422?article=000064490
- https://kb.netgear.com/000064491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0427?article=000064491
- https://kb.netgear.com/000064492/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0435?article=000064492
- https://kb.netgear.com/000064493/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0437?article=000064493
- https://kb.netgear.com/000064494/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0453?article=000064494
- https://kb.netgear.com/000064495/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0462?article=000064495
- https://kb.netgear.com/000064496/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0464?article=000064496
- https://kb.netgear.com/000064497/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0480?article=000064497
- https://kb.netgear.com/000064498/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2020-0499?article=000064498
- https://kb.netgear.com/000064499/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0506?article=000064499
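
An added example, not part of the original advisory and not NETGEAR tooling: many models appear several times in the product list with different thresholds, so this Python code keeps the highest version listed per model and compares it numerically against a device inventory. The inventory hosts, the "V..._..." firmware string format and all function names are assumptions; treating the highest listed version as the minimum safe one is a conservative simplification.

```python
import re

# Entries copied from the list above: repeated models, both wording variants.
ADVISORY_LINES = [
    "- R6400v2 versions prior to 1.0.4.102",
    "- R6400v2 versions prior to 1.0.4.118",
    "- R6400v2 fixed in firmware version 1.0.4.122",
    "- R8000 versions prior to 1.0.4.76",
    "- R8000 versions prior to 1.0.4.52",
    "- RAX120 versions prior to 1.0.1.128",
    "- RAX120 versions prior to 1.2.2.24",
    "- RBKE963, running firmware versions prior to 6.0.3.68",
]
# Constructed inventory (documentation addresses, made-up firmware strings).
INVENTORY = [
    ("192.0.2.1", "R6400v2", "V1.0.4.98_10.0.71"),
    ("192.0.2.2", "R8000", "V1.0.4.76_10.1.84"),
    ("192.0.2.3", "RAX120", "1.2.0.16"),
    ("192.0.2.4", "UNLISTED1", "1.0.0.1"),  # placeholder model not in the list
]
ENTRY = re.compile(r"^-\s*(?P<model>[A-Za-z0-9]+),?\s+.*?"
                   r"(?:prior to|fixed in firmware version)\s+"
                   r"(?P<ver>\d+(?:\.\d+)+)\s*$")

def vkey(version):
    """Numeric sort key: 'V1.0.4.98_10.0.71' -> (1, 0, 4, 98)."""
    core = re.match(r"[Vv]?(\d+(?:\.\d+)+)", version.strip())
    if core is None:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in core.group(1).split("."))

def minimum_fixed(lines):
    """Map MODEL -> highest version listed for it anywhere in the advisory."""
    fixed = {}
    for line in lines:
        m = ENTRY.match(line.strip())
        if m is None:
            continue  # headings, URLs, blank lines
        model, ver = m["model"].upper(), m["ver"]
        if model not in fixed or vkey(ver) > vkey(fixed[model]):
            fixed[model] = ver
    return fixed

def outdated(inventory, fixed):
    """Return (host, model, running, required) for devices below the fix."""
    return [(host, model, running, fixed[model.upper()])
            for host, model, running in inventory
            if model.upper() in fixed
            and vkey(running) < vkey(fixed[model.upper()])]

if __name__ == "__main__":
    for row in outdated(INVENTORY, minimum_fixed(ADVISORY_LINES)):
        print("update needed: %s %s running %s, needs >= %s" % row)
```

A plain string comparison would rank 1.0.4.98 above 1.0.4.122, which is why the versions are compared as integer tuples.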