#VU70579 OS Command Injection in NETGEAR products

Cybersecurity Help s.r.o.

Published: 2023-01-02

Vulnerability identifier: #VU70579

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vendor: NETGEAR

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the device.

The vulnerability exists due to improper input validation. A remote authenticated user can send specially crafted data to the application and execute arbitrary OS commands on the device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RAX45: before 1.0.2.28

RAX50: before 1.0.2.28

RAX15: before 1.0.1.64

RAX20: before 1.0.1.64

RBK852: before 3.2.16.6

RBR850: before 3.2.16.6

RBS850: before 3.2.16.6

RBK752: before 3.2.16.6

RBR750: before 3.2.16.6

RBS750: before 3.2.16.6

RAX75: before 1.0.3.106

RAX80: before 1.0.3.106

RAX200: before 1.0.3.106

R8000: before 1.0.4.68

R7900: before 1.0.4.38

MK62: before 1.0.6.110

MR60: before 1.0.6.110

MS60: before 1.0.6.110

R7000P: before 1.3.3.140

R8000P: before 1.4.4.94

R7960P: before 1.4.4.94

External links
https://kb.netgear.com/000065485/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-WiFi-Systems-PSV-2020-0221

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Authenticated command executioin in several NETGEAR routers