NETGEAR Alert
Warning Date: 15 March, 2023
Severity Level: High
Warning Number: 2023-5508
Target Sector: All
NETGEAR has released security updates to address several vulnerabilities in the following routers and WiFi systems:
- CBR40 fixed in firmware version 2.5.0.28
- CBR750 fixed in firmware version 4.6.14.4
- NBR750 fixed in firmware version 4.6.5.11
- RBK752 fixed in firmware version 4.6.7.13
- RBR750 fixed in firmware version 4.6.7.13
- RBS750 fixed in firmware version 4.6.7.13
- RBK842 fixed in firmware version 4.6.7.13
- RBR840 fixed in firmware version 4.6.7.13
- RBS840 fixed in firmware version 4.6.7.13
- RBK852 fixed in firmware version 4.6.7.13
- RBR850 fixed in firmware version 4.6.7.13
- RBS850 fixed in firmware version 4.6.7.13
- RBKE962 fixed in firmware version 6.0.3.68
- RBRE960 fixed in firmware version 6.0.3.68
- RBSE960 fixed in firmware version 6.0.3.68
- LAX20 fixed in firmware version 1.1.6.30
- MK62 fixed in firmware version 1.1.6.122
- MR60 fixed in firmware version 1.1.6.122
- MS60 fixed in firmware version 1.1.6.122
- MK83 fixed in firmware version 1.1.6.14
- MR80 fixed in firmware version 1.1.6.14
- MS80 fixed in firmware version 1.1.6.14
- R7960P fixed in firmware version 1.4.4.94
- R8000P fixed in firmware version 1.4.4.94
- RAX15 fixed in firmware version 1.0.10.110
- RAX20 fixed in firmware version 1.0.10.110
- RAX200 fixed in firmware version 1.0.6.138
- RAX35v2 fixed in firmware version 1.0.4.100
- RAX38v2 fixed in firmware version 1.0.4.100
- RAX40v2 fixed in firmware version 1.0.4.100
- RAX42 fixed in firmware version 1.0.4.100
- RAX43 fixed in firmware version 1.0.4.100
- RAX45 fixed in firmware version 1.0.4.100
- RAX48 fixed in firmware version 1.0.4.100
- RAX50 fixed in firmware version 1.0.4.100
- RAX50S fixed in firmware version 1.0.4.100
- RAX75 fixed in firmware version 1.0.6.138
- RAX80 fixed in firmware version 1.0.6.138
- RAXE450 fixed in firmware version 1.0.8.70
- RAXE500 fixed in firmware version 1.0.8.70
- RBK840 fixed in firmware version 4.6.7.13
- XR1000 fixed in firmware version 1.0.0.64
An attacker could exploit these vulnerabilities to carry out the following:
- Post-authentication command injection
- Authentication bypass
The CERT team encourages users to review the NETGEAR security advisories and apply the necessary updates:
- https://kb.netgear.com/000065573/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2021-0179?article=000065573
- https://kb.netgear.com/000065574/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2021-0182?article=000065574
- https://kb.netgear.com/000065576/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0264?article=000065576