CERT-In Vulnerability Note
CIVN-2021-0371
Multiple Vulnerabilities in Netgear
Original Issue Date: December 28, 2021
Severity Rating: HIGH
Software Affected
- CBR40 firmware versions prior to 2.5.0.24
- CBR750 firmware versions prior to 4.6.3.6
- EAX20 firmware versions prior to 1.0.0.58
- EAX80 firmware versions prior to 1.0.1.68
- EX7500 firmware versions prior to 1.0.0.74
- LAX20 firmware versions prior to 1.1.6.28
- MK62 firmware versions prior to 1.0.6.116
- MR60 firmware versions prior to 1.0.6.116
- MS60 firmware versions prior to 1.0.6.116
- R6400 firmware versions prior to 1.0.1.70
- R6400v2 firmware versions prior to 1.0.4.118
- R6700v3 firmware versions prior to 1.0.4.118
- R6900P firmware versions prior to 1.3.3.140
- R7000 firmware versions prior to 1.0.11.116
- R7000P firmware versions prior to 1.3.3.140
- R7850 firmware versions prior to 1.0.5.68
- R7900 firmware versions prior to 1.0.4.38
- R7900P firmware versions prior to 1.4.2.84
- R7960P firmware versions prior to 1.4.2.84
- R8000 firmware versions prior to 1.0.4.68
- R8000P firmware versions prior to 1.4.2.84
- RAX15 firmware versions prior to 1.0.3.96
- RAX20 firmware versions prior to 1.0.3.96
- RAX200 firmware versions prior to 1.0.4.120
- RAX35v2 firmware versions prior to 1.0.3.96
- RAX40v2 firmware versions prior to 1.0.3.96
- RAX43 firmware versions prior to 1.0.3.96
- RAX45 firmware versions prior to 1.0.3.96
- RAX50 firmware versions prior to 1.0.3.96
- RAX75 firmware versions prior to 1.0.4.120
- RAX80 firmware versions prior to 1.0.4.120
- RBK752 firmware versions prior to 3.2.17.12
- RBK852 firmware versions prior to 3.2.17.12
- RBR750 firmware versions prior to 3.2.17.12
- RBR850 firmware versions prior to 3.2.17.12
- RBS750 firmware versions prior to 3.2.17.12
- RBS850 firmware versions prior to 3.2.17.12
- RS400 firmware versions prior to 1.5.1.80
- XR1000 firmware versions prior to 1.0.0.58
- XR300 firmware versions prior to 1.0.3.68;
- MR80 firmware versions prior to 1.1.2.20
- MS80 firmware versions prior to 1.1.2.20
- MK83 firmware versions prior to 1.1.2.20
- R6400v2 firmware versions prior to 1.0.4.106
- R6700v3 firmware versions prior to 1.0.4.106
- R7000 firmware versions prior to 1.0.11.126
- R7850 firmware versions prior to 1.0.5.74
- R7900 firmware versions prior to 1.0.4.46
- R8000 firmware versions prior to 1.0.4.74;
- CBR750 firmware versions prior to 4.6.3.6
- MK62 firmware versions prior to 1.1.6.122
- MR60 firmware versions prior to 1.1.6.122
- MS60 firmware versions prior to 1.1.6.122
- R8300 firmware versions prior to 1.0.2.154
- R8500 firmware versions prior to 1.0.2.154
- R7850 firmware versions prior to 1.0.5.74
- R7900 firmware versions prior to 1.0.4.46
- R8000 firmware versions prior to 1.0.4.74;
- BR40 firmware versions prior to 2.5.0.24
- CBR750 firmware versions prior to 3.2.18.2
- EX3700 firmware versions prior to 1.0.0.94
- EX3800 firmware versions prior to 1.0.0.94
- EX6120 firmware versions prior to 1.0.0.64
- EX6130 firmware versions prior to 1.0.0.44
- EX7000 firmware versions prior to 1.0.1.104
- MR60 firmware versions prior to 1.0.6.116
- R6300v2 firmware versions prior to 1.0.4.52
- R6400v2 firmware versions prior to 1.0.4.106
- R6700v3 firmware versions prior to 1.0.4.106
- R7000 firmware versions prior to 1.0.11.126
- R7100LG firmware versions prior to 1.0.0.72
- R7850 firmware versions prior to 1.0.5.74
- R7900 firmware versions prior to 1.0.4.46
- R8000 firmware versions prior to 1.0.4.74
- R8300 firmware versions prior to 1.0.2.154
- R8500 firmware versions prior to 1.0.2.154;
- CBR750 firmware versions prior to 3.2.18.2
- D7000 firmware versions prior to 1.0.1.82
- RBS50Y firmware versions prior to 2.7.0.122
- SRK60 firmware versions prior to 2.7.0.122
- SRR60 firmware versions prior to 2.7.0.122
- SRS60 firmware versions prior to 2.7.0.122
- SXK30 firmware versions prior to 3.2.33.108
- SXR30 firmware versions prior to 3.2.33.108
- SXS30 firmware versions prior to 3.2.33.108
- SRC60 firmware versions prior to 2.7.0.122;
- AC2400 firmware versions prior to 1.1.0.84
- AC2600 firmware versions prior to 1.1.0.84
- R6020 firmware versions prior to 1.0.0.52
- R6080 firmware versions prior to 1.0.0.52
- R6120 firmware versions prior to 1.0.0.80
- R6220 firmware versions prior to 1.1.0.110
- R6230 firmware versions prior to 1.1.0.110
- R6260 firmware versions prior to 1.1.0.84
- R6330 firmware versions prior to 1.1.0.84
- R6350 firmware versions prior to 1.1.0.84
- R6700v2 firmware versions prior to 1.1.0.84
- R6800 firmware versions prior to 1.1.0.84
- R6850 firmware versions prior to 1.1.0.84
- R6900v2 firmware versions prior to 1.1.0.84
- R7200 firmware versions prior to 1.1.0.84
- R7350 firmware versions prior to 1.1.0.84
- R7400 firmware versions prior to 1.1.0.84
- R7450 firmware versions prior to 1.1.0.84;
- GS108Tv2 firmware versions prior to 5.4.2.36
- GS110TPP firmware versions prior to 7.0.7.2
- GS110TPv2 firmware versions prior to 5.4.2.36
- GS110TPv3 firmware versions prior to 7.0.7.2
- GS308T firmware versions prior to 1.0.3.2
- GS310TP firmware versions prior to 1.0.3.2
- GS724TPP firmware versions prior to 2.0.6.3
- GS724TPv2 firmware versions prior to 2.0.6.3
- GS728TPPv2 firmware versions prior to 6.0.8.2
- GS728TPv2 firmware versions prior to 6.0.8.2
- GS752TPP firmware versions prior to 6.0.8.2
- GS752TPv2 firmware versions prior to 6.0.8.2
- MS510TXM firmware versions prior to 1.0.4.2
- MS510TXUP firmware versions prior to 1.0.4.2
- D6220 firmware versions prior to 1.0.0.76.
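Several models appear more than once in the list above with different thresholds (for example R7000 at 1.0.11.116 and again at 1.0.11.126), so an inventory check has to use the highest value per model and compare versions numerically rather than as strings. The following is an added example, not part of the CERT-In note or NETGEAR's advisories; the function names and the inventory are hypothetical, and treating the highest "prior to" value as the minimum fixed version is an assumption of this example.

```python
import re

# Constructed sample: a few lines copied from the "Software Affected" list above.
AFFECTED_SAMPLE = """\
- R7000 firmware versions prior to 1.0.11.116
- R6400v2 firmware versions prior to 1.0.4.118
- R7000 firmware versions prior to 1.0.11.126
- R6400v2 firmware versions prior to 1.0.4.106
- CBR750 firmware versions prior to 4.6.3.6
- CBR750 firmware versions prior to 3.2.18.2
"""

# Tolerates a missing "- " bullet and a trailing ";" or "." after the version.
LINE_RE = re.compile(r"^\W*(\S+) firmware versions prior to ([\d.]*\d)")

def parse_version(text):
    """Dotted firmware version -> tuple of ints, so 1.0.11.x sorts above 1.0.4.x."""
    return tuple(int(part) for part in text.strip().split("."))

def minimum_fixed(listing):
    """Highest 'prior to' value per model (assumption: that is the safe minimum)."""
    fixed = {}
    for line in listing.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        model, version = match.group(1).upper(), parse_version(match.group(2))
        if version > fixed.get(model, ()):
            fixed[model] = version
    return fixed

def audit(inventory, fixed):
    """Classify each installed version as 'vulnerable', 'ok' or 'not-listed'."""
    result = {}
    for model, installed in inventory.items():
        needed = fixed.get(model.upper())
        if needed is None:
            result[model] = "not-listed"
        else:
            result[model] = "vulnerable" if parse_version(installed) < needed else "ok"
    return result

# Hypothetical inventory: installed versions are constructed for illustration.
INVENTORY = {"R7000": "1.0.11.116", "R6400v2": "1.0.4.118",
             "CBR750": "4.6.3.6", "R9000": "1.0.5.2"}

if __name__ == "__main__":
    for model, status in audit(INVENTORY, minimum_fixed(AFFECTED_SAMPLE)).items():
        print(model, status)
```

The R7000 at 1.0.11.116 clears its first entry but is still flagged because a later group requires 1.0.11.126.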
Overview
Multiple vulnerabilities have been reported in Netgear routers, extenders, WiFi systems and Smart Managed Pro switches which could allow an attacker to perform command injection, privilege escalation and authentication bypass attacks on an affected device.
Description
These vulnerabilities exist in Netgear routers, extenders, WiFi systems and Smart Managed Pro switches and could allow an attacker to gain elevated privileges and execute arbitrary code or commands on the target system.
Successful exploitation of these vulnerabilities could allow the attacker to gain elevated privileges and execute arbitrary commands on an affected device.
Solution
Apply appropriate updates as mentioned in:
https://kb.netgear.com/000064509/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extender-WiFi-Systems-PSV-2020-0506?article=000064509
https://kb.netgear.com/000064510/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0509?article=000064510
https://kb.netgear.com/000064511/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0514?article=000064511
https://kb.netgear.com/000064513/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0517?article=000064513
https://kb.netgear.com/000064514/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0521?article=000064514
https://kb.netgear.com/000064515/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Router-Extenders-and-WiFi-Systems-PSV-2020-0524?article=000064515
https://kb.netgear.com/000064517/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0541?article=000064517
https://kb.netgear.com/000064518/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0556?article=000064518
https://kb.netgear.com/000064522/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0557?article=000064522
https://kb.netgear.com/000064523/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0562?article=000064523
https://kb.netgear.com/000064524/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0566?article=000064524
https://kb.netgear.com/000064525/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0567?article=000064525
https://kb.netgear.com/000064527/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0576?article=000064527
https://kb.netgear.com/000064528/Security-Advisory-for-Vertical-Privilege-Escalation-on-Some-Routers-PSV-2021-0043?article=000064528
https://kb.netgear.com/000064529/Security-Advisory-for-Authentication-Bypass-on-D7000-PSV-2021-0060?article=000064529
https://kb.netgear.com/000064530/Security-Advisory-for-Security-Misconfiguration-on-Some-WiFi-Systems-PSV-2021-0127?article=000064530
https://kb.netgear.com/000064532/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2021-0154?article=000064532
https://kb.netgear.com/000064533/Security-Advisory-for-Authentication-Bypass-on-D7000-PSV-2021-0155?article=000064533
https://kb.netgear.com/000064534/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Smart-Managed-Pro-Switches-PSV-2021-0175?article=000064534
https://kb.netgear.com/000064535/Security-Advisory-for-Post-Authentication-Command-Injection-on-D6220-PSV-2021-0200?article=000064535
Vendor Information
NETGEAR
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India