SB2022121502 - Multiple vulnerabilities in NETGEAR RAX30

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Link following (CVE-ID: CVE-2021-44141)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insecure link following. A remote user with ability to write files to the exported part of the file system under a share via SMB1 unix extensions or via NFS can create a symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition.

2) Infinite loop (CVE-ID: CVE-2022-0778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

3) Buffer overflow (CVE-ID: N/A)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://kb.netgear.com/000065451/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0028-PSV-2022-0073
• https://kb.netgear.com/000065452/Security-Advisory-for-Pre-authentication-Buffer-Overflow-on-the-RAX30-PSV-2022-0291