Security News > 2023 > March > Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit

Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit
2023-03-22 22:57

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability.

The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks.

Cisco Talos researchers disclosed these bugs to Netgear on August 30, 2022.

The bad news: Netgear is still working on a fix for the fourth bug, which now has a PoC exploit and, as such, miscreants are probably scanning for exposed, vulnerable routers to attack right now.

The most serious vul of the bunch, CVE-2022-37337, is a 9.1-rated critical vulnerability in the access control functionality of the Orbi router RBR750 4.6.8.5.

Finally, CVE-2022-38458, a cleartext transmission vulnerability in the main Orbi router RBR750 4.6.8.5, can allow a miscreant to carry out a man-in-the-middle attack, which can lead to sensitive information disclosure.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/22/netgear_router_poc_exploits/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2022-38458 Unspecified vulnerability in Netgear Rbs750 Firmware 4.6.8.5
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5.
network
high complexity
netgear
5.9
2023-03-21 CVE-2022-37337 Unspecified vulnerability in Netgear Rbs750 Firmware 4.6.8.5
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5.
network
low complexity
netgear
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751