Your review has been sent successfully

NETGEAR Alert

7425
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

15 March, 2023

● High

2023-5508

All

Description:

NETGEAR has released security update to address several vulnerabilities in the following products:

  • Routers and WiFi Systems
    • CBR40 fixed in firmware version 2.5.0.28
    • CBR750 fixed in firmware version 4.6.14.4
    • NBR750 fixed in firmware version 4.6.5.11
    • RBK752 fixed in firmware version 4.6.7.13
    • RBR750 fixed in firmware version 4.6.7.13
    • RBS750 fixed in firmware version 4.6.7.13
    • RBK842 fixed in firmware version 4.6.7.13
    • RBR840 fixed in firmware version 4.6.7.13
    • RBS840 fixed in firmware version 4.6.7.13
    • RBK852 fixed in firmware version 4.6.7.13
    • RBR850 fixed in firmware version 4.6.7.13
    • RBS850 fixed in firmware version 4.6.7.13
    • RBKE962 fixed in firmware version 6.0.3.68
    • RBRE960 fixed in firmware version 6.0.3.68
    • RBSE960 fixed in firmware version 6.0.3.68
    • LAX20 fixed in firmware version 1.1.6.30
    • MK62 fixed in firmware version 1.1.6.122
    • MR60 fixed in firmware version 1.1.6.122
    • MS60 fixed in firmware version 1.1.6.122
    • MK83 fixed in firmware version 1.1.6.14
    • MR80 fixed in firmware version 1.1.6.14
    • MS80 fixed in firmware version 1.1.6.14
    • R7960P fixed in firmware version 1.4.4.94
    • R8000P fixed in firmware version 1.4.4.94
    • RAX15 fixed in firmware version 1.0.10.110
    • RAX20 fixed in firmware version 1.0.10.110
    • RAX200 fixed in firmware version 1.0.6.138
    • RAX35v2 fixed in firmware version 1.0.4.100
    • RAX38v2 fixed in firmware version 1.0.4.100
    • RAX40v2 fixed in firmware version 1.0.4.100
    • RAX42 fixed in firmware version 1.0.4.100
    • RAX43 fixed in firmware version 1.0.4.100
    • RAX45 fixed in firmware version 1.0.4.100
    • RAX48 fixed in firmware version 1.0.4.100
    • RAX50 fixed in firmware version 1.0.4.100
    • RAX50S fixed in firmware version 1.0.4.100
    • RAX75 fixed in firmware version 1.0.6.138
    • RAX80 fixed in firmware version 1.0.6.138
    • RAXE450 fixed in firmware version 1.0.8.70
    • RAXE500 fixed in firmware version 1.0.8.70
    • RBK840 fixed in firmware version 4.6.7.13
    • XR1000 fixed in firmware version 1.0.0.64
Threats:

An attacker could exploit these vulnerabilities by doing the following:

  • Post-authentication command injection
  • Authentication Bypass
Best practice and Recommendations:

The CERT team encourages users to review NETGEAR security advisory and apply the necessary updates:

  • https://kb.netgear.com/000065573/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2021-0179?article=000065573
  • https://kb.netgear.com/000065574/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2021-0182?article=000065574
  • https://kb.netgear.com/000065576/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0264?article=000065576
Last updated at 15 March, 2023

Rate the content

rate-icon
up icon