Security News > 2023 > March > Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit

Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
2023-03-22 22:57

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability.

The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks.

Cisco Talos researchers disclosed these bugs to Netgear on August 30, 2022.

The bad news: Netgear is still working on a fix for the fourth bug, which now has a PoC exploit and, as such, miscreants are probably scanning for exposed, vulnerable routers to attack right now.

The most serious vul of the bunch, CVE-2022-37337, is a 9.1-rated critical vulnerability in the access control functionality of the Orbi router RBR750 4.6.8.5.

Finally, CVE-2022-38458, a cleartext transmission vulnerability in the main Orbi router RBR750 4.6.8.5, can allow a miscreant to carry out a man-in-the-middle attack, which can lead to sensitive information disclosure.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/22/netgear_router_poc_exploits/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2022-38458 Cleartext Transmission of Sensitive Information vulnerability in Netgear Rbs750 Firmware 4.6.8.5
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5.
network
high complexity
netgear CWE-319
5.9
5.9
2023-03-21 CVE-2022-37337 OS Command Injection vulnerability in Netgear Rbs750 Firmware 4.6.8.5
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5.
network
low complexity
netgear CWE-78
8.8
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4416 230 3062 1826 600 5718