SB2018020907 - Multiple vulnerabilities in NETGEAR Touters
Published: February 9, 2018
Security Bulletin ID
SB2018020907
Severity
Low
Patch available
YES
Number of vulnerabilities
5
Exploitation vector
Adjecent network
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: N/A)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.The weakness exists due to a flaw in the genie_restoring.cgi script, provided by the box's built-in web server. An adjacent attacker can abuse the vulnerable script and extract files and passwords from its filesystem in flash storage or pull files from USB sticks plugged into the router.
2) OS command injection (CVE-ID: N/A)
The vulnerability allows an local root-privileged attacker to execute shell commands on the target system.The weakness exists due to post-authentication command injection. A local attacker can use the device_name parameter on the lan.cgi page to inject and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Authentication bypass (CVE-ID: N/A)
The vulnerability allows a local attacker to bypass authentication on the target system.The weakness exists due to improper privileges and access controls. A local attacker can bypass authentication if "&genie=1" is found within the query string.
4) OS command injection (CVE-ID: N/A)
The vulnerability allows an local attacker to execute shell commands on the target system.The weakness exists due to command injection. A local attacker can use the device_name parameter on the lan.cgi page to inject and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
5) OS command injection (CVE-ID: N/A)
The vulnerability allows an local root-privileged attacker to execute shell commands on the target system.The weakness exists due to post-authentication command injection. A local attacker can inject and execute arbitrary commands with root privileges during short time window when WPS is activated.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.
References
- https://kb.netgear.com/000045848/Security-Advisory-for-Password-Recovery-and-File-Access-on-Some-Rou...
- https://kb.netgear.com/000045850/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Modem-Routers-PSV-2017-1207
- https://kb.netgear.com/000048998/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-or-Mode...
- https://kb.netgear.com/000048999/Security-Advisory-for-Command-Injection-on-Some-Routers-and-Modem-R...
- https://kb.netgear.com/000049354/Security-Advisory-for-Command-Injection-Vulnerability-on-D7000-EX6200v2-and-Some-Routers-PSV-2017-2181