NETGEAR Updates
Warning Date: 20 September, 2020
Severity Level: Critical
Warning Number: 2020-1808
Target Sector: All
Description:
NETGEAR has released security updates to address several vulnerabilities in the following products:
- AC2100, running firmware versions prior to 1.2.0.62
- AC2400, running firmware versions prior to 1.2.0.62
- AC2600, running firmware versions prior to 1.2.0.62
- CBR40, running firmware versions prior to 2.5.0.10
- D6100, running firmware versions prior to 1.0.0.63
- D6200, running firmware versions prior to 1.1.00.40
- D6220, running firmware versions prior to 1.0.0.60
- D6400, running firmware versions prior to 1.0.0.94
- D7000, running firmware versions prior to 1.0.1.78
- D7000v2, running firmware versions prior to 1.0.0.62
- D7800, running firmware versions prior to 1.0.1.58
- D8500, running firmware versions prior to 1.0.3.50
- DC112A, running firmware versions prior to 1.0.0.48
- DGN2200v4, running firmware versions prior to 1.0.0.114
- EAX20, running firmware versions prior to 1.0.0.36
- EAX80, running firmware versions prior to 1.0.1.62
- EX3700, running firmware versions prior to 1.0.0.84
- EX3800, running firmware versions prior to 1.0.0.84
- EX3920, running firmware versions prior to 1.0.0.84
- EX6000, running firmware versions prior to 1.0.0.44
- EX6100, running firmware versions prior to 1.0.2.28
- EX6120, running firmware versions prior to 1.0.0.54
- EX6130, running firmware versions prior to 1.0.0.36
- EX6150, running firmware versions prior to 1.0.0.46
- EX6200, running firmware versions prior to 1.0.3.94
- EX6920, running firmware versions prior to 1.0.0.54
- EX7000, running firmware versions prior to 1.0.1.90
- EX7500, running firmware versions prior to 1.0.0.68
- EX7700, running firmware versions prior to 1.0.0.210
- GS110EMX, running firmware versions prior to 1.0.1.7
- GS808E, running firmware versions prior to 1.7.1.0
- GS810EMX, running firmware versions prior to 1.7.1.3
- JGS516PE, running firmware versions prior to 2.6.0.43
- JR6150, running firmware versions prior to 1.0.1.26
- MK62, running firmware versions prior to 1.0.5.102
- MR60, running firmware versions prior to 1.0.5.102
- MS60, running firmware versions prior to 1.0.5.102
- R6020, running firmware versions prior to 1.0.0.42
- R6050, running firmware versions prior to 1.0.1.26
- R6080, running firmware versions prior to 1.0.0.42
- R6120, running firmware versions prior to 1.0.0.66
- R6220, running firmware versions prior to 1.1.0.100
- R6230, running firmware versions prior to 1.1.0.100
- R6250, running firmware versions prior to 1.0.4.42
- R6260, running firmware versions prior to 1.1.0.66
- R6300v2, running firmware versions prior to 1.0.4.42
- R6400, running firmware versions prior to 1.0.1.62
- R6400v2, running firmware versions prior to 1.0.2.66
- R6400v2, running firmware versions prior to 1.0.4.98
- R6700, running firmware versions prior to 1.0.2.16
- R6700v2, running firmware versions prior to 1.2.0.62
- R6700v3, running firmware versions prior to 1.0.2.66
- R6700v3, running firmware versions prior to 1.0.4.98
- R6800, running firmware versions prior to 1.2.0.62
- R6900, running firmware versions prior to 1.0.2.16
- R6900P, running firmware versions prior to 1.3.2.124
- R6900v2, running firmware versions prior to 1.2.0.62
- R7000, running firmware versions prior to 1.0.11.106
- R7000P, running firmware versions prior to 1.3.2.124
- R7100LG, running firmware versions prior to 1.0.0.50
- R7100LG, running firmware versions prior to 1.0.0.56
- R7300DST, running firmware versions prior to 1.0.0.70
- R7450, running firmware versions prior to 1.2.0.62
- R7500v2, running firmware versions prior to 1.0.3.48
- R7800, running firmware versions prior to 1.0.2.68
- R7850, running firmware versions prior to 1.0.5.60
- R7900, running firmware versions prior to 1.0.3.8
- R7900, running firmware versions prior to 1.0.4.26
- R7900P, running firmware versions prior to 1.4.1.62
- R7960P, running firmware versions prior to 1.4.1.62
- R8000, running firmware versions prior to 1.0.4.58
- R8000P, running firmware versions prior to 1.4.1.62
- R8300, running firmware versions prior to 1.0.2.134
- R8500, running firmware versions prior to 1.0.2.134
- R8900, running firmware versions prior to 1.0.4.28
- R9000, running firmware versions prior to 1.0.4.28
- RAX120, running firmware versions prior to 1.0.0.78
- RAX15, running firmware versions prior to 1.0.1.54
- RAX20, running firmware versions prior to 1.0.1.54
- RAX200, running firmware versions prior to 1.0.2.8
- RAX40, running firmware versions prior to 1.0.3.80
- RAX45, running firmware versions prior to 1.0.2.32
- RAX50, running firmware versions prior to 1.0.2.32
- RAX75, running firmware versions prior to 1.0.2.76
- RAX80, running firmware versions prior to 1.0.2.76
- RBK20, running firmware versions prior to 2.3.0.28
- RBK40, running firmware versions prior to 2.3.0.28
- RBK50, running firmware versions prior to 2.3.0.32
- RBK50, running firmware versions prior to 2.3.5.30
- RBK752, running firmware versions prior to 3.2.15.25
- RBK752, running firmware versions prior to 3.2.16.6
- RBK852, running firmware versions prior to 3.2.10.11
- RBK852, running firmware versions prior to 3.2.15.25
- RBK852, running firmware versions prior to 3.2.16.6
- RBR20, running firmware versions prior to 2.3.0.28
- RBR40, running firmware versions prior to 2.3.0.28
- RBR50, running firmware versions prior to 2.3.0.32
- RBR50, running firmware versions prior to 2.3.5.30
- RBR750, running firmware versions prior to 3.2.15.25
- RBR750, running firmware versions prior to 3.2.16.6
- RBR840, running firmware versions prior to 3.2.16.6
- RBR850, running firmware versions prior to 3.2.10.11
- RBR850, running firmware versions prior to 3.2.15.25
- RBR850, running firmware versions prior to 3.2.16.6
- RBS20, running firmware versions prior to 2.3.0.28
- RBS40, running firmware versions prior to 2.3.0.28
- RBS40V-100, running firmware versions prior to 2.5.1.6
- RBS40V-200, running firmware versions prior to 1.0.0.46
- RBS50, running firmware versions prior to 2.3.0.32
- RBS50, running firmware versions prior to 2.3.5.30
- RBS750, running firmware versions prior to 3.2.15.25
- RBS750, running firmware versions prior to 3.2.16.6
- RBS850, running firmware versions prior to 3.2.10.11
- RBS850, running firmware versions prior to 3.2.15.25
- RBS850, running firmware versions prior to 3.2.16.6
- RBW30, running firmware versions prior to 2.5.0.4
- RS400, running firmware versions prior to 1.5.0.48
- SRK60, running firmware versions prior to 2.2.2.20
- SRK60, running firmware versions prior to 2.5.2.104
- SRK60, running firmware versions prior to 2.5.3.110
- SRR60, running firmware versions prior to 2.2.2.20
- SRR60, running firmware versions prior to 2.5.2.104
- SRR60, running firmware versions prior to 2.5.3.110
- SRS60, running firmware versions prior to 2.2.2.20
- SRS60, running firmware versions prior to 2.5.2.104
- SRS60, running firmware versions prior to 2.5.3.110
- WAC124, running firmware versions prior to 1.0.4.6
- WAC510, running firmware versions prior to 8.2.6.7
- WAC720, running firmware versions prior to 3.9.1.13
- WAC730, running firmware versions prior to 3.9.1.13
- WC7500, running firmware versions prior to 6.5.5.24
- WC7600, running firmware versions prior to 6.5.5.24
- WC7600v2, running firmware versions prior to 6.5.5.24
- WC9500, running firmware versions prior to 6.5.5.24
- WN2500RPv2, running firmware versions prior to 1.0.1.56
- WN3000RPv2, running firmware versions prior to 1.0.0.78
- WNDR3400v3, running firmware versions prior to 1.0.1.32
- WNDR4300v2, running firmware versions prior to 1.0.0.58
- WNDR4500v3, running firmware versions prior to 1.0.0.58
- WNR1000v3, running firmware versions prior to 1.0.2.78
- WNR2000v2, running firmware versions prior to 1.2.0.12
- WNR2000v5, running firmware versions prior to 1.0.0.70
- WNR2020, running firmware versions prior to 1.1.0.62
- XR300, running firmware versions prior to 1.0.3.50
- XR450, running firmware versions prior to 2.3.2.40
- XR500, running firmware versions prior to 2.3.2.56
- XR700, running firmware versions prior to 1.0.1.10
- XS512EM, running firmware versions prior to 1.0.1.3
- XS724EM, running firmware versions prior to 1.0.1.3
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Unauthorized disclosure of information
- Authentication bypass
- Denial of service attack (DoS)
- Cross-site scripting (XSS)
Best practice and Recommendations:
The CERT team encourages users to review the NETGEAR security advisories and apply the necessary updates:
- https://kb.netgear.com/000062321/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Controllers-PSV-2020-0268
- https://kb.netgear.com/000062322/Security-Advisory-for-Security-Misconfiguration-on-EX7700-PSV-2020-0109
- https://kb.netgear.com/000062323/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0011
- https://kb.netgear.com/000062324/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0027
- https://kb.netgear.com/000062325/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0109
- https://kb.netgear.com/000062326/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0028
- https://kb.netgear.com/000062327/Security-Advisory-for-Denial-of-Service-on-GS808E-PSV-2019-0200
- https://kb.netgear.com/000062328/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2020-0141
- https://kb.netgear.com/000062329/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Wireless-Controllers-PSV-2020-0180
- https://kb.netgear.com/000062330/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Wireless-Controllers-PSV-2020-0139
- https://kb.netgear.com/000062331/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Wireless-Access-Points-Routers-and-WiFi-Systems-PSV-2020-0136
- https://kb.netgear.com/000062332/Security-Advisory-for-Authentication-Bypass-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0305
- https://kb.netgear.com/000062333/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0327
- https://kb.netgear.com/000062334/Security-Advisory-for-Missing-Function-Level-Access-Control-on-JGS516PE-PSV-2020-0377
- https://kb.netgear.com/000062335/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extenders-and-Routers-PSV-2018-0243
- https://kb.netgear.com/000062336/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Extender-and-Routers-PSV-2018-0242
- https://kb.netgear.com/000062337/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2019-0012
- https://kb.netgear.com/000062338/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0554
- https://kb.netgear.com/000062339/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2019-0014
- https://kb.netgear.com/000062340/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-WiFi-Systems-PSV-2018-0140
- https://kb.netgear.com/000062341/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2019-0018
- https://kb.netgear.com/000062342/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Routers-PSV-2019-0016
- https://kb.netgear.com/000062344/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-PSV-2020-0163
- https://kb.netgear.com/000062345/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-WiFi-Systems-PSV-2020-0009
- https://kb.netgear.com/000062347/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0264
- https://kb.netgear.com/000062348/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0048
- https://kb.netgear.com/000062349/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0047
- https://kb.netgear.com/000062350/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0046
- https://kb.netgear.com/000062351/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0043
- https://kb.netgear.com/000062352/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0041
- https://kb.netgear.com/000062353/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0036
- https://kb.netgear.com/000062354/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0032
- https://kb.netgear.com/000062355/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2020-0030
- https://kb.netgear.com/000062356/Security-Advisory-for-Security-Misconfiguration-on-RAX40-PSV-2019-0267
- https://kb.netgear.com/000062357/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-WiFi-Systems-PSV-2020-0045