MULTIPLE VULNERABILITIES IN NETGEAR PRODUCTS COULD ALLOW FOR REMOTE CODE EXECUTION

Summary: Netgear has published several vulnerabilities in their firmware that allow for remote code execution. Successful exploitation can result in the attacker gaining full control of the system. Failed attempts to exploit may cause Denial of Service. Customers are advised to upgrade immediately. We see Netgear devices used regularly in critical infrastructure organizations. Organizations are advised to have consistent vulnerability discovery/management programs with regular patching of all devices (not just PC’s and servers). Also advise restricting administrative access to devices, especially devices without a keyboard.

 

TLP: WHITE

MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER: 2020-087

DATE(S) ISSUED: 06/30/2020

SUBJECT: Multiple Vulnerabilities in Netgear Products Could Allow for Remote Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for remote code execution. Netgear is a manufacturer of networked devices such as Network Attached Storage (NAS), routers, switches, cable and DSL modems, and video cameras. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.

THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • D6220 running firmware versions prior to 1.0.0.56
  • D6400 running firmware versions prior to 1.0.0.90
  • D7000v2 running firmware versions prior to 1.0.0.58
  • D8500 running firmware versions prior to 1.0.3.46
  • DC112A running firmware versions prior to 1.0.0.46
  • DGN2200v4 running firmware versions prior to 1.0.0.112
  • EX3700 running firmware versions prior to 1.0.0.80
  • EX3800 running firmware versions prior to 1.0.0.80
  • EX3920 running firmware versions prior to 1.0.0.80
  • EX6120 running firmware versions prior to 1.0.0.50
  • EX6130 running firmware versions prior to 1.0.0.32
  • EX6920 running firmware versions prior to 1.0.0.50
  • EX7000 running firmware versions prior to 1.0.1.86
  • R6250 running firmware versions prior to 1.0.4.40
  • R6400v2 running firmware versions prior to 1.0.4.94
  • R6700v3 running firmware versions prior to 1.0.4.94
  • R6900 running firmware versions prior to 1.0.2.12
  • R6900P running firmware versions prior to 1.3.2.120
  • R7000 running firmware versions prior to 1.0.11.102
  • R7000P running firmware versions prior to 1.3.2.120
  • R7100LG running firmware versions prior to 1.0.0.54
  • R7850 running firmware versions prior to 1.0.5.58
  • R7900 running firmware versions prior to 1.0.4.24
  • R8000 running firmware versions prior to 1.0.4.56
  • R8500 running firmware versions prior to 1.0.2.131
  • RS400 running firmware versions prior to 1.5.0.46
  • WNR3500Lv2 running firmware versions prior to 1.2.0.60
  • XR300 running firmware versions prior to 1.0.3.44

Products with no patches released at the time of this advisory.

  • AC1450
  • D6300
  • DGN2200
  • DGN2200M
  • DGND3700
  • EX6000
  • EX6100
  • EX6150
  • EX6200
  • LG2200D
  • MBM621
  • MBR1200
  • MBR1515
  • MBR1516
  • MBR624GU
  • MBRN3000
  • MVBR1210C
  • R4500
  • R6200
  • R6200v2
  • R6300
  • R6300v2
  • R6400
  • R6700
  • R7300
  • R8300
  • WGR614v10
  • WGR614v8
  • WGR614v9
  • WGT624v4
  • WN2500RP
  • WN2500RPv2
  • WN3000RP
  • WN3100RP
  • WN3500RP
  • WNCE3001
  • WNDR3300
  • WNDR3300v2
  • WNDR3400
  • WNDR3400v2
  • WNDR3400v3
  • WNDR3700v3
  • WNDR4000
  • WNDR4500
  • WNDR4500v2
  • WNR1000v3
  • WNR2000v2
  • WNR3500
  • WNR3500L
  • WNR3500v2
  • WNR834Bv2

RISK:

Government:

  • Large and medium government entities: Medium
  • Small government entities: High

Businesses:

  • Large and medium business entities: Medium
  • Small business entities: High

Home UsersMedium

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link below:

https://www.netgear.com/about/security/

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply patch provided by Netgear immediately after appropriate testing.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.
  • Until a firmware fix is available for your product, it is recommended that you follow the workaround instructions found in the reference below.
  • Turn off Remote Management on your router or gateway web user interface if you previously turned this feature on.

REFERENCES:

Netgear:

https://www.netgear.com/about/security