Rewterz Threat Advisory – NETGEAR R6200v2 and NETGEAR R6300v2 Vulnerabilities

Rewterz Threat Alert – Hive Ransomware – Active IOCs

September 9, 2022

Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs

September 11, 2022

Rewterz Threat Advisory – NETGEAR R6200v2 and NETGEAR R6300v2 Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-30079 CVSS:8.8

NETGEAR R6200_v2 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the /sbin/acos_service binary. An attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2022-30078 CVSS:9.8

NETGEAR R6200v2 and NETGEAR R6300v2 could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the ipv6_fix.cgi script. By sending a specially-crafted request using shell metacharacters in the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2022-30079
CVE-2022-30078

Affected Vendors

NETGEAR

Affected Products

NETGEAR R6200v2 1.0.3
NETGEAR R6200v2 1.0.3.12_10.1.11
NETGEAR R6200v2 1.0.3.12_10.1.11
NETGEAR R6300v2 1.0.4.52_10.0.93

Remediation

Refer to NETGEAR Website for patch, upgrade or suggested workaround information.

CVE-2022-30079
CVE-2022-30078

Rewterz Threat Alert – Hive Ransomware – Active IOCs

Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs

Rewterz Threat Advisory – NETGEAR R6200v2 and NETGEAR R6300v2 Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan