NETGEAR Updates
Warning Date: 24 December, 2020
Severity Level: Critical
Warning Number: 2020-2251
Target Sector: All
Description:
NETGEAR has released security updates to address multiple vulnerabilities in the following products:
- AC2100, running firmware versions prior to 1.2.0.72
- AC2400, running firmware versions prior to 1.2.0.72
- AC2600, running firmware versions prior to 1.2.0.72
- CBK40, running firmware versions prior to 2.5.0.10
- CBR40, running firmware versions prior to 2.5.0.10
- D6000, running firmware versions prior to 1.0.0.80
- D6220, running firmware versions prior to 1.0.0.60
- D6400, running firmware versions prior to 1.0.0.94
- D7000v2, running firmware versions prior to 1.0.0.62
- D7800, running firmware versions prior to 1.0.3.48
- D8500, running firmware versions prior to 1.0.3.50
- DC112A, running firmware versions prior to 1.0.0.48
- DGN2200v4, running firmware versions prior to 1.0.0.114
- DM200, running firmware versions prior to 1.0.0.66
- EAX20, running firmware versions prior to 1.0.0.36
- EAX80, running firmware versions prior to 1.0.1.62
- EX2700, running firmware versions prior to 1.0.1.58
- EX3110, running firmware versions prior to 1.0.1.68
- EX3700, running firmware versions prior to 1.0.0.84
- EX3800, running firmware versions prior to 1.0.0.84
- EX3920, running firmware versions prior to 1.0.0.84
- EX6000, running firmware versions prior to 1.0.0.44
- EX6100v2, running firmware versions prior to 1.0.1.94
- EX6110, running firmware versions prior to 1.0.1.68
- EX6120, running firmware versions prior to 1.0.0.54
- EX6130, running firmware versions prior to 1.0.0.36
- EX6150v1, running firmware versions prior to 1.0.0.46
- EX6150v2, running firmware versions prior to 1.0.1.94
- EX6200v1, running firmware versions prior to 1.0.3.94
- EX6250, running firmware versions prior to 1.0.0.128
- EX6400, running firmware versions prior to 1.0.2.152
- EX6400v2, running firmware versions prior to 1.0.0.128
- EX6410, running firmware versions prior to 1.0.0.128
- EX6920, running firmware versions prior to 1.0.0.54
- EX7000, running firmware versions prior to 1.0.1.90
- EX7300, running firmware versions prior to 1.0.2.152
- EX7300v2, running firmware versions prior to 1.0.0.128
- EX7320, running firmware versions prior to 1.0.0.128
- EX7500, running firmware versions prior to 1.0.0.68
- EX7700, running firmware versions prior to 1.0.0.210
- EX8000, running firmware versions prior to 1.0.1.224
- MK62, running firmware versions prior to 1.0.5.102
- MR60, running firmware versions prior to 1.0.5.102
- MS60, running firmware versions prior to 1.0.5.102
- R6120, running firmware versions prior to 1.0.0.70
- R6220, running firmware versions prior to 1.1.0.100
- R6230, running firmware versions prior to 1.1.0.100
- R6250, running firmware versions prior to 1.0.4.42
- R6260, running firmware versions prior to 1.1.0.76
- R6300v2, running firmware versions prior to 1.0.4.42
- R6330, running firmware versions prior to 1.1.0.76
- R6350, running firmware versions prior to 1.1.0.76
- R6400v1, running firmware versions prior to 1.0.1.62
- R6400v2, running firmware versions prior to 1.0.4.98
- R6700v1, running firmware versions prior to 1.0.2.16
- R6700v2, running firmware versions prior to 1.2.0.72
- R6700v3, running firmware versions prior to 1.0.4.98
- R6800, running firmware versions prior to 1.2.0.72
- R6850, running firmware versions prior to 1.1.0.76
- R6900, running firmware versions prior to 1.0.2.16
- R6900P, running firmware versions prior to 1.3.2.124
- R6900v2, running firmware versions prior to 1.2.0.72
- R7000, running firmware versions prior to 1.0.11.106
- R7000P, running firmware versions prior to 1.3.2.124
- R7100LG, running firmware versions prior to 1.0.0.56
- R7200, running firmware versions prior to 1.2.0.72
- R7350, running firmware versions prior to 1.2.0.72
- R7400, running firmware versions prior to 1.2.0.72
- R7450, running firmware versions prior to 1.2.0.72
- R7500v2, running firmware versions prior to 1.0.3.48
- R7800, running firmware versions prior to 1.0.2.74
- R7850, running firmware versions prior to 1.0.5.60
- R7900, running firmware versions prior to 1.0.4.26
- R7900P, running firmware versions prior to 1.4.1.62
- R7960P, running firmware versions prior to 1.4.1.62
- R8000, running firmware versions prior to 1.0.4.58
- R8000P, running firmware versions prior to 1.4.1.62
- R8300, running firmware versions prior to 1.0.2.134
- R8500, running firmware versions prior to 1.0.2.134
- R8900, running firmware versions prior to 1.0.5.24
- R9000, running firmware versions prior to 1.0.5.24
- RAX120, running firmware versions prior to 1.0.1.136
- RAX15, running firmware versions prior to 1.0.1.64
- RAX20, running firmware versions prior to 1.0.1.64
- RAX200, running firmware versions prior to 1.0.5.24
- RAX35, running firmware versions prior to 1.0.3.80
- RAX40, running firmware versions prior to 1.0.3.80
- RAX45, running firmware versions prior to 1.0.2.64
- RAX50, running firmware versions prior to 1.0.2.64
- RAX75, running firmware versions prior to 1.0.3.102
- RAX80, running firmware versions prior to 1.0.3.102
- RBK12, running firmware versions prior to 2.6.1.44
- RBR10, running firmware versions prior to 2.6.1.44
- RBS10, running firmware versions prior to 2.6.1.44
- RBK20, running firmware versions prior to 2.6.1.38
- RBR20, running firmware versions prior to 2.6.1.36
- RBS20, running firmware versions prior to 2.6.1.38
- RBK40, running firmware versions prior to 2.6.1.38
- RBR40, running firmware versions prior to 2.6.1.38
- RBS40, running firmware versions prior to 2.6.1.38
- RBK50, running firmware versions prior to 2.6.1.40
- RBR50, running firmware versions prior to 2.6.1.40
- RBS50, running firmware versions prior to 2.6.1.40
- RBK752, running firmware versions prior to 3.2.16.6
- RBR750, running firmware versions prior to 3.2.16.6
- RBS750, running firmware versions prior to 3.2.16.6
- RBK842, running firmware versions prior to 3.2.16.6
- RBR840, running firmware versions prior to 3.2.16.6
- RBS840, running firmware versions prior to 3.2.16.6
- RBK852, running firmware versions prior to 3.2.16.6
- RBR850, running firmware versions prior to 3.2.16.6
- RBS850, running firmware versions prior to 3.2.16.6
- RBS40V, running firmware versions prior to 2.5.1.6
- D6000, running firmware versions prior to 1.0.0.78
- D6400, running firmware versions prior to 1.0.0.88
- D7800, running firmware versions prior to 1.0.1.56
- R7500v2, running firmware versions prior to 1.0.3.46
- R7800, running firmware versions prior to 1.0.2.68
- RAX120, running firmware versions prior to 1.0.0.78
- RBK22, running firmware versions prior to 2.3.5.26
- RBR20, running firmware versions prior to 2.3.5.26
- RBS20, running firmware versions prior to 2.3.5.26
- RBK40, running firmware versions prior to 2.3.5.30
- RBR40, running firmware versions prior to 2.3.5.30
- RBS40, running firmware versions prior to 2.3.5.30
- RBK50, running firmware versions prior to 2.3.5.30
- RBR50, running firmware versions prior to 2.3.5.30
- RBS50, running firmware versions prior to 2.3.5.30
- WN3000RPv2, running firmware versions prior to 1.0.0.78
- DC112A, running firmware versions prior to 1.0.0.44
- EX6200, running firmware versions prior to 1.0.3.90
- EX6200v2, running firmware versions prior to 1.0.1.78
- EX7000, running firmware versions prior to 1.0.0.68
- EX8000, running firmware versions prior to 1.0.1.202
- R6400, running firmware versions prior to 1.0.1.50
- R7000, running firmware versions prior to 1.0.9.88
- R7300DST, running firmware versions prior to 1.0.0.74
- R7900, running firmware versions prior to 1.0.3.18
- R8000, running firmware versions prior to 1.0.4.46
- R8900, running firmware versions prior to 1.0.5.2
- R9000, running firmware versions prior to 1.0.5.2
- XR500, running firmware versions prior to 2.3.2.56
- XR700, running firmware versions prior to 1.0.1.20
- D6200, running firmware versions prior to 1.1.00.40
- D7000, running firmware versions prior to 1.0.1.78
- R6020, running firmware versions prior to 1.0.0.46
- R6080, running firmware versions prior to 1.0.0.46
- R6120, running firmware versions prior to 1.0.0.72
- R6700v2, running firmware versions prior to 1.2.0.74
- R6800, running firmware versions prior to 1.2.0.74
- R6900v2, running firmware versions prior to 1.2.0.74
- R7450, running firmware versions prior to 1.2.0.74
- AC2100, running firmware versions prior to 1.2.0.74
- AC2400, running firmware versions prior to 1.2.0.74
- AC2600, running firmware versions prior to 1.2.0.74
- MC327HW, running firmware versions prior to 2.0.13
- D7800, running firmware versions prior to 1.0.1.58
- R6020, running firmware versions prior to 1.0.0.44
- R6080, running firmware versions prior to 1.0.0.44
- R6400, running firmware versions prior to 1.0.1.62
- R6700, running firmware versions prior to 1.0.2.16
- R8900, running firmware versions prior to 1.0.5.18
- EX6100, running firmware versions prior to 1.0.2.28
- EX6150, running firmware versions prior to 1.0.0.46
- EX6200, running firmware versions prior to 1.0.3.94
- MK62, running firmware versions prior to 1.0.4.98
- MR60, running firmware versions prior to 1.0.4.98
- MS60, running firmware versions prior to 1.0.4.98
- RAX200, running firmware versions prior to 1.0.2.102
- RAX45, running firmware versions prior to 1.0.2.32
- RAX50, running firmware versions prior to 1.0.2.32
- RBS40V-200, running firmware versions prior to 1.0.0.46
- RBW30, running firmware versions prior to 2.5.0.4
- RS400, running firmware versions prior to 1.5.0.48
- WN2500RPv2, running firmware versions prior to 1.0.1.56
- WN3500RP, running firmware versions prior to 1.0.0.28
- WNDR3400v3, running firmware versions prior to 1.0.1.32
- WNR1000v3, running firmware versions prior to 1.0.2.78
- WNR2000v2, running firmware versions prior to 1.2.0.12
- WNR3500Lv2, running firmware versions prior to 1.2.0.62
- XR300, running firmware versions prior to 1.0.3.50
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Cross-site scripting (XSS)
- Command injection
- Sensitive information disclosure
- Buffer overflow
Best practice and Recommendations:
The CERT team encourages users to review the NETGEAR security advisories and apply the necessary updates:
- https://kb.netgear.com/000062729/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2018-0539
- https://kb.netgear.com/000062730/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2018-0557
- https://kb.netgear.com/000062731/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Range-Extenders-PSV-2019-0029
- https://kb.netgear.com/000062732/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-PSV-2019-0110
- https://kb.netgear.com/000062733/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0112
- https://kb.netgear.com/000062734/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0129
- https://kb.netgear.com/000062735/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0154
- https://kb.netgear.com/000062736/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0211
- https://kb.netgear.com/000062737/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Range-Extenders-and-Orbi-WiFi-Systems-PSV-2020-0224
- https://kb.netgear.com/000062738/Security-Advisory-for-Using-Components-with-Known-Vulnerabilities-on-MC327HW-PSV-2020-0271
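An inventory check against the list in the Description, as an added example (not part of the advisory or of NETGEAR's tooling): several models appear more than once with different versions, so the check keeps the highest listed version per model and compares version components numerically. The excerpt lines are copied from the list above; the host names, installed versions and the `V..._...` device-reported format are assumptions.

```python
import re

# Excerpt of the advisory list above (lines copied as-is for three models).
ADVISORY_LINES = """\
- R7000, running firmware versions prior to 1.0.11.106
- R7000, running firmware versions prior to 1.0.9.88
- D7800, running firmware versions prior to 1.0.3.48
- D7800, running firmware versions prior to 1.0.1.56
- D7800, running firmware versions prior to 1.0.1.58
- D6200, running firmware versions prior to 1.1.00.40
"""
LINE_RE = re.compile(r"^- (\S+), running firmware versions prior to ([\d.]+)$")

def parse_version(text):
    """'1.0.11.106' -> (1, 0, 11, 106). Assumption: a device may report
    'V1.0.9.88_10.2.88'; the leading V and the '_' suffix are dropped."""
    core = text.strip().lstrip("Vv").split("_", 1)[0]
    return tuple(int(part) for part in core.split("."))

def minimum_fixed(lines):
    """Map each model to the highest 'prior to' version listed for it."""
    fixed = {}
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        model, version = m.group(1), parse_version(m.group(2))
        if model not in fixed or version > fixed[model]:
            fixed[model] = version
    return fixed

def audit(inventory, fixed):
    """Classify each host. Models are matched exactly, so a hardware
    revision spelled differently in the inventory lands in 'not-listed'
    and needs a manual look at the vendor advisory."""
    results = {}
    for host, (model, installed) in inventory.items():
        if model not in fixed:
            results[host] = "not-listed"
        elif parse_version(installed) < fixed[model]:
            results[host] = "update-required"
        else:
            results[host] = "ok"
    return results

# Constructed inventory (hypothetical hosts and installed versions).
INVENTORY = {
    "gw-branch-01": ("R7000", "V1.0.9.88_10.2.88"),  # meets only the older entry
    "gw-branch-02": ("R7000", "1.0.11.106"),
    "gw-branch-03": ("D7800", "1.0.1.58"),
    "gw-lab-01": ("D6200", "1.1.0.40"),              # '00' and '0' are the same component
    "ap-lab-02": ("R6400v2", "1.0.4.98"),            # model not in the excerpt
}

if __name__ == "__main__":
    for host, status in audit(INVENTORY, minimum_fixed(ADVISORY_LINES)).items():
        print(host, status)
```

Comparing the version strings directly would rank `1.0.9.88` above `1.0.11.106`, which is why the components are converted to integers first.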