Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability.
The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks.
Cisco Talos researchers disclosed these bugs to Netgear on August 30, 2022.
The bad news: Netgear is still working on a fix for the fourth bug, which now has a PoC exploit and, as such, miscreants are probably scanning for exposed, vulnerable routers to attack right now.
The most serious vuln of the bunch, CVE-2022-37337, is a 9.1-rated critical vulnerability in the access control functionality of the Orbi router RBR750 4.6.8.5.
Finally, CVE-2022-38458, a cleartext transmission vulnerability in the main Orbi router RBR750 4.6.8.5, can allow a miscreant to carry out a man-in-the-middle attack, which can lead to sensitive information disclosure.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/22/netgear_router_poc_exploits/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-21 | CVE-2022-38458 | Unspecified vulnerability in Netgear Rbs750 Firmware 4.6.8.5. A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. | 5.9 |
2023-03-21 | CVE-2022-37337 | Unspecified vulnerability in Netgear Rbs750 Firmware 4.6.8.5. A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. | 8.8 |