CIS Logo
tagline: Confidence in the Connected World

Multiple Vulnerabilities in Netgear Products Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2020-087

DATE(S) ISSUED:

06/30/2020

OVERVIEW:

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for remote code execution. Netgear is a manufacturer of networked devices such as Network Attached Storage (NAS), routers, switches, cable and DSL modems, and video cameras. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • D6220 running firmware versions prior to 1.0.0.56
  • D6400 running firmware versions prior to 1.0.0.90
  • D7000v2 running firmware versions prior to 1.0.0.58
  • D8500 running firmware versions prior to 1.0.3.46
  • DC112A running firmware versions prior to 1.0.0.46
  • EX3700 running firmware versions prior to 1.0.0.80
  • EX3800 running firmware versions prior to 1.0.0.80
  • EX3920 running firmware versions prior to 1.0.0.80
  • EX6120 running firmware versions prior to 1.0.0.50
  • EX6130 running firmware versions prior to 1.0.0.32
  • EX6920 running firmware versions prior to 1.0.0.50
  • EX7000 running firmware versions prior to 1.0.1.86
  • R6250 running firmware versions prior to 1.0.4.40
  • R6400v2 running firmware versions prior to 1.0.4.94
  • R6700v3 running firmware versions prior to 1.0.4.94
  • R6900 running firmware versions prior to 1.0.2.12
  • R6900P running firmware versions prior to 1.3.2.120
  • R7000 running firmware versions prior to 1.0.11.102
  • R7000P running firmware versions prior to 1.3.2.120
  • R7100LG running firmware versions prior to 1.0.0.54
  • R7850 running firmware versions prior to 1.0.5.58
  • R7900 running firmware versions prior to 1.0.4.24
  • R8000 running firmware versions prior to 1.0.4.56
  • R8500 running firmware versions prior to 1.0.2.131
  • RS400 running firmware versions prior to 1.5.0.46
  • WNR3500Lv2 running firmware versions prior to 1.2.0.60
  • XR300 running firmware versions prior to 1.0.3.44
  • Products with no patches released at the time of this advisory:
  • AC1450 D6300 DGN2200 DGN2200M DGND3700 EX6000 EX6100 EX6150 EX6200 LG2200D MBM621 MBR1200 MBR1515 MBR1516 MBR624GU MBRN3000 MVBR1210C R4500 R6200 R6200v2 R6300 R6300v2 R6400 R6700 R7300 R8300 WGR614v10 WGR614v8 WGR614v9 WGT624v4 WN2500RP WN2500RPv2 WN3000RP WN3100RP WN3500RP WNCE3001 WNDR3300 WNDR3300v2 WNDR3400 WNDR3400v2 WNDR3400v3 WNDR3700v3 WNDR4000 WNDR4500 WNDR4500v2 WNR1000v3 WNR2000v2 WNR3500 WNR3500L WNR3500v2 WNR834Bv2

RISK:

Government:
  • Large and medium government entities: MEDIUM
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: MEDIUM
  • Small business entities: HIGH
Home Users:
MEDIUM

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link below:
https://www.netgear.com/about/security/

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Verify no unauthorized system modifications have occurred on system before applying patch.
  • Apply patch provided by Netgear immediately after appropriate testing.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.
  • Until a firmware fix is available for your product, it is recommended that you follow the workaround instructions found in the reference below.
  • Turn off Remote Management on your router or gateway web user interface if you previously turned this feature on.

REFERENCES:

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Information Hub : Advisories


CONTROL: 1 --- ADVISORY CONTROL: 0
CONTROL: 2 --- ADVISORY CONTROL: 0
CONTROL: 3 --- ADVISORY CONTROL: 0
CONTROL: 4 --- ADVISORY CONTROL: 0

Pencil White paper 29 Jun 2020