NETGEAR Updates
Warning Date: 28 September, 2021
Severity Level: ● Critical
Warning Number: 2021-3585
Target Sector: All
Description:
NETGEAR has released security updates to address multiple vulnerabilities in its products, mainly:
- CBR750, running firmware versions prior to 4.6.3.6
- RBK752, running firmware versions prior to 3.2.17.12
- RBR750, running firmware versions prior to 3.2.17.12
- RBS750, running firmware versions prior to 3.2.17.12
- RBK852, running firmware versions prior to 3.2.17.12
- RBR850, running firmware versions prior to 3.2.17.12
- RBS850, running firmware versions prior to 3.2.17.12
- CBR40, running firmware versions prior to 2.5.0.24
- XR1000, running firmware versions prior to 1.0.0.58
- RBK352, running firmware versions prior to 4.4.0.10
- RBR350, running firmware versions prior to 4.4.0.10
- RBS350, running firmware versions prior to 4.4.0.10
- R6400v2, running firmware versions prior to 1.0.4.118
- R6700v3, running firmware versions prior to 1.0.4.118
- D7000v2 fixed in firmware version 1.0.0.74
- R6400 fixed in firmware version 1.0.1.74
- R6400v2 fixed in firmware version 1.0.4.118
- R6700v3 fixed in firmware version 1.0.4.118
- R6900P fixed in firmware version 1.3.3.140
- R7000 fixed in firmware version 1.0.11.126
- R7000P fixed in firmware version 1.3.3.140
- R8300 fixed in firmware version 1.0.2.154
- R8500 fixed in firmware version 1.0.2.154
- RS400 fixed in firmware version 1.5.1.80
- XR300 fixed in firmware version 1.0.3.66_HOTFIX
- RAX200, running firmware versions prior to 1.0.4.120
- RAX75, running firmware versions prior to 1.0.4.120
- RAX80, running firmware versions prior to 1.0.4.120
- D7000v2, running firmware versions prior to 1.0.0.74
- LAX20, running firmware versions prior to 1.1.6.28
- MK62, running firmware versions prior to 1.0.6.116
- MR60, running firmware versions prior to 1.0.6.116
- MS60, running firmware versions prior to 1.0.6.116
- RAX15, running firmware versions prior to 1.0.3.96
- RAX20, running firmware versions prior to 1.0.3.96
- RAX45, running firmware versions prior to 1.0.3.96
- RAX50, running firmware versions prior to 1.0.3.96
- RAX43, running firmware versions prior to 1.0.3.96
- RAX40v2, running firmware versions prior to 1.0.3.96
- RAX35v2, running firmware versions prior to 1.0.3.96
- XR1000, running
- CBR40, running firmware versions prior to 2.5.0.24
- CBR750, running firmware versions prior to 4.6.3.6
- D7000v2, running firmware versions prior to 1.0.0.74
- LAX20, running firmware versions prior to 1.1.6.28
- MK62, running firmware versions prior to 1.0.6.116
- MR60, running firmware versions prior to 1.0.6.116
- MS60, running firmware versions prior to 1.0.6.116
- MR80, running firmware versions prior to 1.1.2.20
- MS80, running firmware versions prior to 1.1.2.20
- RAX15, running firmware versions prior to 1.0.3.96
- RAX20, running firmware versions prior to 1.0.3.96
- RAX200, running firmware versions prior to 1.0.4.120
- RAX45, running firmware versions prior to 1.0.3.96
- RAX50, running firmware versions prior to 1.0.3.96
- RAX43, running firmware versions prior to 1.0.3.96
- RAX40v2, running firmware versions prior to 1.0.3.96
- RAX35v2, running firmware versions prior to 1.0.3.96
- RAX75, running firmware versions prior to 1.0.4.120
- RAX80, running firmware versions prior to 1.0.4.120
- RBK752, running firmware versions prior to 3.2.17.12
- RBR750, running firmware versions prior to 3.2.17.12
- RBS750, running firmware versions prior to 3.2.17.12
- RBK852, running firmware versions prior to 3.2.17.12
- RBR850, running firmware versions prior to 3.2.17.12
- RBS850, running firmware versions prior to 3.2.17.12
- XR1000, running firmware versions prior to 1.0.0.58
- CBR750, running firmware versions prior to 3.2.18.2
- RBS40V, running firmware versions prior to 2.6.2.4
- RBW30, running firmware versions prior to 2.6.2.2
- RBR852, running firmware versions prior to 3.2.17.12
- RBS40V, running firmware versions prior to 2.6.2.8
- R7000P, running firmware versions prior to 1.3.3.140
- R8000, running firmware versions prior to 1.0.4.68
- RBK20, running firmware versions prior to 2.6.1.36 / 2.6.1.38
- RBR20, running firmware versions prior to 2.6.1.36
- RBS20, running firmware versions prior to 2.6.1.38
- RBK40, running firmware versions prior to 2.6.1.36 / 2.6.1.38
- RBR40, running firmware versions prior to 2.6.1.36
- RBS40, running firmware versions prior to 2.6.1.38
- RBK50, running firmware versions prior to 2.6.1.40
- RBR50, running firmware versions prior to 2.6.1.40
- RBS50, running firmware versions prior to 2.6.1.40
- RBS50Y, running firmware versions prior to 2.6.1.40
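A device inventory can be checked against the list above; the following is an added example, not part of the original advisory or NETGEAR's tooling. It compares dotted versions numerically (a plain string comparison wrongly ranks 1.0.4.98 above 1.0.4.118) and, where a model is listed with more than one fixed version, uses the highest. The hostnames, the installed versions and the handling of a leading "V" and a "_suffix" in the version string are assumptions.

```python
import re

# Subset of the advisory's list: (model, first fixed firmware version).
# A model can appear more than once because several advisories are merged.
FIXED = [
    ("CBR750", "4.6.3.6"), ("CBR750", "3.2.18.2"),
    ("RBS40V", "2.6.2.4"), ("RBS40V", "2.6.2.8"),
    ("R6400v2", "1.0.4.118"), ("R8000", "1.0.4.68"),
    ("XR1000", "1.0.0.58"),
]

def parse_version(text):
    """Turn 'V1.0.4.98_10.0.71' into (1, 0, 4, 98); any suffix is ignored."""
    m = re.match(r"V?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def required_version(model):
    """Highest fixed version listed for the model, or None if not listed."""
    wanted = [parse_version(v) for m, v in FIXED if m.lower() == model.lower()]
    return max(wanted) if wanted else None

def needs_update(model, installed):
    """True if the installed firmware is older than the highest listed fix."""
    required = required_version(model)
    if required is None:
        return None  # model is not covered by this table
    return parse_version(installed) < required

def audit(inventory):
    """Return the (host, model, installed) entries that need updating."""
    return [(h, m, v) for h, m, v in inventory if needs_update(m, v)]

# Constructed inventory: hostnames and installed versions are made up.
INVENTORY = [
    ("gw-branch1", "R6400v2", "V1.0.4.98_10.0.71"),
    ("gw-branch2", "R6400v2", "1.0.4.118"),
    ("mesh-sat3", "RBS40V", "2.6.2.4"),
    ("gw-home", "R8000", "1.0.4.9"),
]

if __name__ == "__main__":
    for host, model, version in audit(INVENTORY):
        print(f"{host}: {model} {version} is below the fixed version")
```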
Threats:
An attacker could exploit these vulnerabilities to achieve the following:
- Sensitive information disclosure
- Command injection
Best practice and Recommendations:
The CERT team encourages users to review the NETGEAR security advisories and apply the necessary updates:
- https://kb.netgear.com/000064146/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0555?article=000064146
- https://kb.netgear.com/000064147/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0563?article=000064147
- https://kb.netgear.com/000064148/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0564?article=000064148
- https://kb.netgear.com/000064149/Security-Advisory-for-Command-Injection-on-XR1000-PSV-2021-0010?article=000064149
- https://kb.netgear.com/000064150/Security-Advisory-for-Authentication-Bypass-on-XR1000-PSV-2021-0011?article=000064150
- https://kb.netgear.com/000064151/Security-Advisory-for-Hardcoded-Password-on-Some-WiFi-Systems-PSV-2021-0012?article=000064151
- https://kb.netgear.com/000064152/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-WiFi-Systems-PSV-2021-0013?article=000064152
- https://kb.netgear.com/000064153/Security-Advisory-for-Sensitive-Information-Disclosure-on-XR1000-PSV-2021-0015?article=000064153
- https://kb.netgear.com/000064154/Security-Advisory-for-Command-Injection-on-XR1000-PSV-2021-0018?article=000064154
- https://kb.netgear.com/000064159/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2021-0035?article=000064159
- https://kb.netgear.com/000064160/Security-Advisory-for-Arbitrary-File-Read-on-Some-WiFi-Systems-PSV-2021-0044?article=000064160
- https://kb.netgear.com/000064161/Security-Advisory-for-Hardcoded-Password-on-Some-WiFi-Systems-PSV-2021-0045?article=000064161
- https://kb.netgear.com/000064144/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0544?article=000064144
- https://kb.netgear.com/000064143/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0540?article=000064143
- https://kb.netgear.com/000064142/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0539?article=000064142
- https://kb.netgear.com/000064141/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0520?article=000064141
- https://kb.netgear.com/000064140/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0516?article=000064140
- https://kb.netgear.com/000064139/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0515?article=000064139
- https://kb.netgear.com/000064138/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0508?article=000064138
- https://kb.netgear.com/000064137/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0505?article=000064137
- https://kb.netgear.com/000064136/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0504?article=000064136
- https://kb.netgear.com/000064135/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0498?article=000064135
- https://kb.netgear.com/000064134/Security-Advisory-for-Pre-Authentication-Command-Injection-on-WiFi-Systems-PSV-2020-0491?article=000064134
- https://kb.netgear.com/000064133/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0490?article=000064133
- https://kb.netgear.com/000064132/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0488?article=000064132
- https://kb.netgear.com/000064131/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0487?article=000064131
- https://kb.netgear.com/000064130/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0483?article=000064130
- https://kb.netgear.com/000064129/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0477?article=000064129
- https://kb.netgear.com/000064128/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0475?article=000064128
- https://kb.netgear.com/000064126/Security-Advisory-for-Authentication-Bypass-on-Some-WiFi-Systems-PSV-2020-0473?article=000064126
- https://kb.netgear.com/000064125/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0472?article=000064125
- https://kb.netgear.com/000064068/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2019-0152?article=000064068
- https://kb.netgear.com/000064070/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2019-0183?article=000064070