Security News > 2023 > March > PoC exploits released for Netgear Orbi router vulnerabilities

Proof-of-concept exploits for vulnerabilities in Netgear's Orbi 750 series router and extender satellites have been released, with one flaw a critical severity remote command execution bug.

The first and most critical flaw is tracked as CVE-2022-37337 and is a remotely exploitable command execution vulnerability in the access control functionality of the Netgear Orbi router.

The third vulnerability is CVE-2022-36429, a high-severity command injection in the backend communications functionality of the Netgear Orbi Satellite, which links to the router to extend the network coverage.

Finally, Cisco's analysts discovered CVE-2022-38458, a cleartext transmission problem impacting the Remote Management functionality of the Netgear Orbi router, enabling man-in-the-middle attacks that can lead to sensitive information disclosure.

While Orbi does support the automatic installation of updates, on an Orbi seen by BleepingComputer, new firmware did not automatically install, and it was running software released in August 2022.

Owners of Netgear Orbi 750 devices should manually check to see if they are running the latest version, and if not, upgrade their firmware as soon as possible.

News URL

https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-netgear-orbi-router-vulnerabilities/