Rewterz Threat Advisory – Multiple NETGEAR Devices Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-0182 CVSS:7.5

NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2021-0176 CVSS:6.3

NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2020-0482 CVSS:4.5

NETGEAR devices are vulnerable to a based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2020-0578 CVSS:6.5

NETGEAR devices are vulnerable to a based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2021-0179 CVSS:8.1

NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

Buffer Overflow
Command Execution

Indicators Of Compromise

CVE

CVE-2022-0182
CVE-2021-0176
CVE-2020-0482
CVE-2020-0578
CVE-2021-0179

Affected Vendors

NETGEAR

Affected Products

NETGEAR R7000P
NETGEAR R6400v2
NETGEAR R7000
NETGEAR RBK852
NETGEAR RBS850
NETGEAR CBR750
NETGEAR CAX80
NETGEAR RBK752
NETGEAR RBR750
NETGEAR RBR840
NETGEAR RBS840
Netgear R6400
NETGEAR EX6130
NETGEAR EX7500

Remediation

Refer to NETGEAR Security Advisory for patch, upgrade or suggested workaround information.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Microsoft Alerts on Node.js Exploitation in Malware Campaigns

ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Aurora Stealer – Active IOCs

Rewterz Threat Advisory – Multiple Zoom Vulnerabilities

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.