Main Vulnerability Database SB2022041108

SB2022041108 - Information disclosure in some NETGEAR Routers and Extenders

Published: April 11, 2022

Security Bulletin ID SB2022041108

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

References

https://kb.netgear.com/000064759/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Extenders-PSV-2019-0272

Vulnerable Software

RAX80: before 1.0.3.106
RAX75: before 1.0.3.106
D6220: before 1.0.0.66
D6400: before 1.0.0.100
D8500: before 1.0.3.58
DC112A: before 1.0.0.52
DGN2200Bv4: before 1.0.0.118
DGN2200v4: before 1.0.0.118
EX3700: before 1.0.0.94
EX6120: before 1.0.0.64
EX6130: before 1.0.0.44
EX7500: before 1.0.0.72
R6400: before 1.0.1.70
R6400v2: before 1.0.4.106
R7000: before 1.0.11.116
R7000P: before 1.3.3.140
R7900: before 1.0.4.38
R7960P: before 1.4.1.66
R8000: before 1.0.4.66
R8000P: before 1.4.1.66
R8500: before 1.0.2.144
RAX200: before 1.0.3.106
RBS40V: before 2.6.2.4
RBW30: before 2.6.2.2
RS400: before 1.5.1.80
WNDR3400v3: before 1.0.1.38
XR300: before 1.0.3.50

SB2022041108 - Information disclosure in some NETGEAR Routers and Extenders

Breakdown by Severity

Description

Remediation

References

Please verify you're human