Security News > 2023 > March > Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability.
The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks.
Cisco Talos researchers disclosed these bugs to Netgear on August 30, 2022.
The bad news: Netgear is still working on a fix for the fourth bug, which now has a PoC exploit and, as such, miscreants are probably scanning for exposed, vulnerable routers to attack right now.
The most serious vul of the bunch, CVE-2022-37337, is a 9.1-rated critical vulnerability in the access control functionality of the Orbi router RBR750 4.6.8.5.
Finally, CVE-2022-38458, a cleartext transmission vulnerability in the main Orbi router RBR750 4.6.8.5, can allow a miscreant to carry out a man-in-the-middle attack, which can lead to sensitive information disclosure.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/22/netgear_router_poc_exploits/
Related news
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-21 | CVE-2022-38458 | Missing Encryption of Sensitive Data vulnerability in Netgear Rbs750 Firmware 4.6.8.5 A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. | 5.9 |
| 2023-03-21 | CVE-2022-37337 | OS Command Injection vulnerability in Netgear Rbs750 Firmware 4.6.8.5 A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. | 8.8 |