The official site for Saudi CERT
Your review has been sent successfully
NETGEAR Updates
1712
Warning Date
Severity Level
Warning Number
Target Sector
16 December, 2020
● Medium
2020-2212
All
Description:
NETGEAR has released security updates to address several vulnerabilities in the following products:
- WAX610, running firmware versions prior to 9.0.2.3
- CBR40, running firmware versions prior to 2.5.0.10
- D6220, running firmware versions prior to 1.0.0.60
- D6400, running firmware versions prior to 1.0.0.94
- D7000v2, running firmware versions prior to 1.0.0.62
- D8500, running firmware versions prior to 1.0.3.50
- DC112A, running firmware versions prior to 1.0.0.48
- DGN2200v4, running firmware versions prior to 1.0.0.114
- EAX20, running firmware versions prior to 1.0.0.36
- EAX80, running firmware versions prior to 1.0.1.62
- EX7500, running firmware versions prior to 1.0.0.68
- MK62, running firmware versions prior to 1.0.5.102
- MR60, running firmware versions prior to 1.0.5.102
- MS60, running firmware versions prior to 1.0.5.102
- R6250, running firmware versions prior to 1.0.4.42
- R6300v2, running firmware versions prior to 1.0.4.42
- R6400, running firmware versions prior to 1.0.1.62
- R6400v2, running firmware versions prior to 1.0.4.98
- R6700, running firmware versions prior to 1.0.2.16
- R6700V3, running firmware versions prior to 1.0.4.98
- R6900, running firmware versions prior to 1.0.2.16
- R6900P, running firmware versions prior to 1.3.2.124
- R7000, running firmware versions prior to 1.0.11.106
- R7000P, running firmware versions prior to 1.3.2.124
- R7100LG, running firmware versions prior to 1.0.0.56
- R7850, running firmware versions prior to 1.0.5.60
- R7900, running firmware versions prior to 1.0.4.26
- R7900P, running firmware versions prior to 1.4.1.62
- R7960P, running firmware versions prior to 1.4.1.62
- R8000, running firmware versions prior to 1.0.4.52
- R8000P, running firmware versions prior to 1.4.1.62
- R8300, running firmware versions prior to 1.0.2.134
- R8500, running firmware versions prior to 1.0.2.134
- RAX15, running firmware versions prior to 1.0.1.64
- RAX20, running firmware versions prior to 1.0.1.64
- RAX200, running firmware versions prior to 1.0.2.102
- RAX45, running firmware versions prior to 1.0.2.32
- RAX50, running firmware versions prior to 1.0.2.32
- RAX75, running firmware versions prior to 1.0.3.102
- RAX80, running firmware versions prior to 1.0.3.102
- RBW30, running firmware versions prior to 2.5.0.4
- RBS40V (Orbi Mode), running firmware versions prior to 2.5.1.6
- RBS40V (Extender Mode), running firmware versions prior to 1.0.0.46
- RBK752, running firmware versions prior to 3.2.16.6
- RBR750, running firmware versions prior to 3.2.16.6
- RBS750, running firmware versions prior to 3.2.16.6
- RBK842, running firmware versions prior to 3.2.16.6
- RBR840, running firmware versions prior to 3.2.16.6
- RBS840, running firmware versions prior to 3.2.16.6
- RBK852, running firmware versions prior to 3.2.16.6
- RBR850, running firmware versions prior to 3.2.16.6
- RBS850, running firmware versions prior to 3.2.16.6
- RS400, running firmware versions prior to 1.5.0.48
- WNDR3400v3, running firmware versions prior to 1.0.1.32
- WNR1000v3, running firmware versions prior to 1.0.2.78
- WNR2000v2, running firmware versions prior to 1.2.0.12
- WNR3500Lv2, running firmware versions prior to 1.2.0.62
- XR300, running firmware versions prior to 1.0.3.50
- RBS40V, running firmware versions prior to 2.6.1.4
- RBK752, running firmware versions prior to 3.2.15.25
- RBR750, running firmware versions prior to 3.2.15.25
- RBS750, running firmware versions prior to 3.2.15.25
- RBK852, running firmware versions prior to 3.2.15.25
- RBR850, running firmware versions prior to 3.2.15.25
- RBS850, running firmware versions prior to 3.2.15.25
- EX3700, running firmware versions prior to 1.0.0.84
- EX3800, running firmware versions prior to 1.0.0.84
- EX3920, running firmware versions prior to 1.0.0.84
- EX6000, running firmware versions prior to 1.0.0.44
- EX6100, running firmware versions prior to 1.0.2.28
- EX6120, running firmware versions prior to 1.0.0.54
- EX6130, running firmware versions prior to 1.0.0.36
- EX6150, running firmware versions prior to 1.0.0.46
- EX6200, running firmware versions prior to 1.0.3.94
- EX6920, running firmware versions prior to 1.0.0.54
- EX7000, running firmware versions prior to 1.0.1.90
- R6400v2, running firmware versions prior to 1.0.4.92
- R6700v3, running firmware versions prior to 1.0.4.92
- R8000, running firmware versions prior to 1.0.4.58
- RBS40V, running firmware versions prior to 2.5.1.6
- RBS40V-200, running firmware versions prior to 1.0.0.46
- WN2500RPv2, running firmware versions prior to 1.0.1.56
- JGS516PE, running firmware versions prior to 2.6.0.48
- JGS524Ev2, running firmware versions prior to 2.6.0.48
- JGS524PE, running firmware versions prior to 2.6.0.48
- GS116Ev2, running firmware versions prior to 2.6.0.48
- D7800, running firmware versions prior to 1.0.1.56
- R7800, running firmware versions prior to 1.0.2.68
- R8900, running firmware versions prior to 1.0.4.26
- R9000, running firmware versions prior to 1.0.4.26
- RBK50, running firmware versions prior to 2.3.5.30
- RBR50, running firmware versions prior to 2.3.5.30
- RBS50, running firmware versions prior to 2.3.5.30
- RBK40, running firmware versions prior to 2.3.5.30
- RBR40, running firmware versions prior to 2.3.5.30
- RBS40, running firmware versions prior to 2.3.5.30
- RBK20, running firmware versions prior to 2.3.5.26
- RBR20, running firmware versions prior to 2.3.5.26
- RBS20, running firmware versions prior to 2.3.5.26
- XR700, running firmware versions prior to 1.0.1.10
- R7500v2, running firmware versions prior to 1.0.3.46
- R8900, running firmware versions prior to 1.0.4.28
- R9000, running firmware versions prior to 1.0.4.28
- XR500, running firmware versions prior to 2.3.2.56
- RAX120, running firmware versions prior to 1.0.0.78
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Cross-site scripting (XSS)
- Command injection
- Sensitive information disclosure
Best practice and Recommendations:
The CERT team encourages users to review NETGEAR security advisory and apply the necessary updates:
- https://kb.netgear.com/000062626/Security-Advisory-for-Sensitive-Information-Disclosure-on-WAX610-PSV-2020-0410
- https://kb.netgear.com/000062627/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Range-Extenders-and-WiFi-Systems-PSV-2019-0296
- https://kb.netgear.com/000062629/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0034
- https://kb.netgear.com/000062631/Security-Advisory-for-Admin-Credential-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0001
- https://kb.netgear.com/000062635/Security-Advisory-for-Security-Misconfiguration-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0376
- https://kb.netgear.com/000062636/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0378
- https://kb.netgear.com/000062637/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0383
- https://kb.netgear.com/000062638/Security-Advisory-for-Missing-Function-Level-Access-Control-on-Some-Smart-Managed-Plus-Switches-PSV-2020-0396
- https://kb.netgear.com/000062639/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-PSV-2018-0571
- https://kb.netgear.com/000062640/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0486
- https://kb.netgear.com/000062642/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0502
- https://kb.netgear.com/000062643/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0513
- https://kb.netgear.com/000062645/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-System-PSV-2018-0491
- https://kb.netgear.com/000062647/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0503
- https://kb.netgear.com/000062648/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0495
- https://kb.netgear.com/000062650/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0499
- https://kb.netgear.com/000062651/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0506
- https://kb.netgear.com/000062653/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0504
- https://kb.netgear.com/000062654/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0484
- https://kb.netgear.com/000062656/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0482
- https://kb.netgear.com/000062657/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0483
- https://kb.netgear.com/000062658/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0489
- https://kb.netgear.com/000062659/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0497
- https://kb.netgear.com/000062660/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0509
- https://kb.netgear.com/000062661/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0487
- https://kb.netgear.com/000062662/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0490
- https://kb.netgear.com/000062663/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-and-WiFi-Systems-PSV-2018-0511
Last updated at 16 December, 2020
Rate the content
Share the page
