Information disclosure in Netgear routers, extenders, and WiFi systems
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | N/A |
| CWE-ID | CWE-200 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
RBR50 Hardware solutions / Routers & switches, VoIP, GSM, etc LBR20 Hardware solutions / Routers & switches, VoIP, GSM, etc LBR1020 Hardware solutions / Routers & switches, VoIP, GSM, etc RBK352 Hardware solutions / Routers & switches, VoIP, GSM, etc RBR350 Hardware solutions / Routers & switches, VoIP, GSM, etc RBS350 Hardware solutions / Routers & switches, VoIP, GSM, etc RBK20 Hardware solutions / Routers & switches, VoIP, GSM, etc RBR20 Hardware solutions / Routers & switches, VoIP, GSM, etc RBS20 Hardware solutions / Routers & switches, VoIP, GSM, etc EX6100v2 Hardware solutions / Routers & switches, VoIP, GSM, etc EX6150v2 Hardware solutions / Routers & switches, VoIP, GSM, etc EX7300v2 Hardware solutions / Routers & switches, VoIP, GSM, etc EX6400v2 Hardware solutions / Routers & switches, VoIP, GSM, etc EX6250 Hardware solutions / Routers & switches, VoIP, GSM, etc EX7320 Hardware solutions / Routers & switches, VoIP, GSM, etc EX6420 Hardware solutions / Routers & switches, VoIP, GSM, etc EX6410 Hardware solutions / Routers & switches, VoIP, GSM, etc EX7700 Hardware solutions / Routers & switches, VoIP, GSM, etc EX8000 Hardware solutions / Routers & switches, VoIP, GSM, etc RBK40 Hardware solutions / Routers & switches, VoIP, GSM, etc RBR40 Hardware solutions / Routers & switches, VoIP, GSM, etc RBS40 Hardware solutions / Routers & switches, VoIP, GSM, etc XR500 Hardware solutions / Routers & switches, VoIP, GSM, etc XR450 Hardware solutions / Routers & switches, VoIP, GSM, etc RAX10 Hardware solutions / Routers for home users R6700AX Hardware solutions / Routers for home users RAX120 Hardware solutions / Routers for home users RAX120v2 Hardware solutions / Routers for home users RAX70 Hardware solutions / Routers for home users RAX78 Hardware solutions / Routers for home users R9000 Hardware solutions / Routers for home users R8900 Hardware solutions / Routers for home users EX6200v2 Hardware solutions / Routers for home users XR700 Hardware solutions / Routers for home users |
| Vendor | NETGEAR |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU69030
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsRBR50: before 2.7.4.24
LBR20: before 2.6.3.58
LBR1020: before 2.6.3.58
RAX10: before 1.0.5.108
R6700AX: before 1.0.5.108
RAX120: before 1.2.0.16
RBK352: before 4.4.1.14
RBR350: before 4.4.1.14
RBS350: before 4.4.1.14
RAX120v2: before 1.2.0.16
RAX70: before 1.0.5.108
RAX78: before 1.0.5.108
RBK20: before 2.7.4.24
RBR20: before 2.7.4.24
RBS20: before 2.7.4.24
EX6100v2: before 1.0.1.106
EX6150v2: before 1.0.1.106
EX7300v2: before 1.0.0.146
EX6400v2: before 1.0.0.146
EX6250: before 1.0.0.146
EX7320: before 1.0.0.146
EX6420: before 1.0.0.146
EX6410: before 1.0.0.146
EX7700: before 1.0.0.226
EX8000: before 1.0.1.240
RBK40: before 2.7.4.24
RBR40: before 2.7.4.24
RBS40: before 2.7.4.24
XR500: before 2.3.2.134
XR450: before 2.3.2.134
R9000: before 1.0.5.36
R8900: before 1.0.5.36
EX6200v2: before 1.0.1.86
XR700: before 1.0.1.44
CPE2.3- cpe:2.3:h:netgear:rbr50:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:lbr20:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:lbr1020:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rax10:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:r6700ax:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rax120:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbk352:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbr350:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbs350:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rax120v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rax70:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rax78:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbk20:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbr20:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbs20:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6100v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6150v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex7300v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6400v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6250:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex7320:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6420:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6410:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex7700:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex8000:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbk40:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbr40:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:rbs40:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:xr500:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:xr450:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:r9000:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:r8900:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:ex6200v2:*:*:*:*:*:*:*:*
- cpe:2.3:h:netgear:xr700:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
