Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit


Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability. 

The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks. Cisco Talos researchers disclosed these bugs to Netgear on August 30, 2022. Since the 90-day countdown has run its course on Cisco's vulnerability disclosure policy, the networking giant has publicly detailed the security flaws and posted proofs of concept (PoC) for three of them.

The good news is that three of the four vulnerabilities have been patched. 

The bad news: Netgear is still working on a fix for the fourth bug, which now has a PoC exploit and, as such, miscreants are probably scanning for exposed, vulnerable routers to attack right now. Luckily it will require some work — and credentials.  

Talos' Dave McDaniel discovered this vulnerability, tracked as CVE-2022-38452, in the main Orbi router RBR750 4.6.8.5, and says it's due to a flaw in the hidden telnet service functionality. An attacker in possession of a username, password and media access control address of the device's br-lan interface can send a specially-crafted network request to exploit this bug, which leads to arbitrary command execution.

At press time, Netgear had not responded to The Register's inquiries about when it will issue a fix and if the bug has been found and exploited in the wild.

The most serious vuln of the bunch, CVE-2022-37337, is a 9.1-rated critical vulnerability in the access control functionality of the Orbi router RBR750 4.6.8.5. A remote, authenticated attacker could exploit this flaw by sending a specially crafted HTTP request to the router and then execute arbitrary commands on the device.

Luckily, it only works if the user is authenticated, "meaning they'd need to access an unprotected network or the login credentials of a password-protected network, for this attack to be successful," Talos' Jonathan Munshaw noted in a blog post.


CVE-2022-36429, which affects the Orbi satellite router RBS750 4.6.8.5, can also lead to arbitrary command execution. It's due to a flaw in the ubus backend communications functionality, which allows the main router and satellite devices to communicate with each other. 

An attacker with access to the web GUI password — or default password if the user never changed it — can log into a hidden telnet service, send a specially-crafted JSON object and then execute arbitrary commands on the device.

And finally, CVE-2022-38458, a cleartext transmission vulnerability in the main Orbi router RBR750 4.6.8.5, can allow a miscreant to carry out a man-in-the-middle attack, which can lead to sensitive information disclosure. Talos did not publish a PoC for this one. ®
