#VU69030 Information disclosure in NETGEAR products


Vulnerability identifier: #VU69030

Vulnerability risk: Medium

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:

Hardware solutions / Routers & switches, VoIP, GSM, etc:
RBR50, LBR20, LBR1020, RBK352, RBR350, RBS350, RBK20, RBR20, RBS20, EX6100v2, EX6150v2, EX7300v2, EX6400v2, EX6250, EX7320, EX6420, EX6410, EX7700, EX8000, RBK40, RBR40, RBS40, XR500, XR450

Hardware solutions / Routers for home users:
RAX10, R6700AX, RAX120, RAX120v2, RAX70, RAX78, R9000, R8900, EX6200v2, XR700

Vendor: NETGEAR

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

RBR50: before 2.7.4.24

LBR20: before 2.6.3.58

LBR1020: before 2.6.3.58

RAX10: before 1.0.5.108

R6700AX: before 1.0.5.108

RAX120: before 1.2.0.16

RBK352: before 4.4.1.14

RBR350: before 4.4.1.14

RBS350: before 4.4.1.14

RAX120v2: before 1.2.0.16

RAX70: before 1.0.5.108

RAX78: before 1.0.5.108

RBK20: before 2.7.4.24

RBR20: before 2.7.4.24

RBS20: before 2.7.4.24

EX6100v2: before 1.0.1.106

EX6150v2: before 1.0.1.106

EX7300v2: before 1.0.0.146

EX6400v2: before 1.0.0.146

EX6250: before 1.0.0.146

EX7320: before 1.0.0.146

EX6420: before 1.0.0.146

EX6410: before 1.0.0.146

EX7700: before 1.0.0.226

EX8000: before 1.0.1.240

RBK40: before 2.7.4.24

RBR40: before 2.7.4.24

RBS40: before 2.7.4.24

XR500: before 2.3.2.134

XR450: before 2.3.2.134

R9000: before 1.0.5.36

R8900: before 1.0.5.36

EX6200v2: before 1.0.1.86

XR700: before 1.0.1.44


External links
https://kb.netgear.com/000065342/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0457


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

