Multiple Vulnerabilities in Netgear Products Could Allow for Remote Code Execution

ITS Advisory Number: 2020-086
Date(s) Issued: Tuesday, June 30, 2020
Subject: Multiple Vulnerabilities in Netgear Products Could Allow for Remote Code Execution

Overview:

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for remote code execution. Netgear is a manufacturer of networked devices such as Network Attached Storage (NAS), routers, switches, cable and DSL modems, and video cameras. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.

 

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

Systems Affected: 
  • D6220 running firmware versions prior to 1.0.0.56

  • D6400 running firmware versions prior to 1.0.0.90

  • D7000v2 running firmware versions prior to 1.0.0.58

  • D8500 running firmware versions prior to 1.0.3.46

  • DC112A running firmware versions prior to 1.0.0.46

  • DGN2200v4 running firmware versions prior to 1.0.0.112

  • EX3700 running firmware versions prior to 1.0.0.80

  • EX3800 running firmware versions prior to 1.0.0.80

  • EX3920 running firmware versions prior to 1.0.0.80

  • EX6120 running firmware versions prior to 1.0.0.50

  • EX6130 running firmware versions prior to 1.0.0.32

  • EX6920 running firmware versions prior to 1.0.0.50

  • EX7000 running firmware versions prior to 1.0.1.86

  • R6250 running firmware versions prior to 1.0.4.40

  • R6400v2 running firmware versions prior to 1.0.4.94

  • R6700v3 running firmware versions prior to 1.0.4.94

  • R6900 running firmware versions prior to 1.0.2.12

  • R6900P running firmware versions prior to 1.3.2.120

  • R7000 running firmware versions prior to 1.0.11.102

  • R7000P running firmware versions prior to 1.3.2.120

  • R7100LG running firmware versions prior to 1.0.0.54

  • R7850 running firmware versions prior to 1.0.5.58

  • R7900 running firmware versions prior to 1.0.4.24

  • R8000 running firmware versions prior to 1.0.4.56

  • R8500 running firmware versions prior to 1.0.2.131

  • RS400 running firmware versions prior to 1.5.0.46

  • WNR3500Lv2 running firmware versions prior to 1.2.0.60

  • XR300 running firmware versions prior to 1.0.3.44

 

Products with no patches released at the time of this advisory:

  • AC1450

  • D6300

  • DGN2200

  • DGN2200M

  • DGND3700

  • EX6000

  • EX6100

  • EX6150

  • EX6200

  • LG2200D

  • MBM621

  • MBR1200

  • MBR1515

  • MBR1516

  • MBR624GU

  • MBRN3000

  • MVBR1210C

  • R4500

  • R6200

  • R6200v2

  • R6300

  • R6300v2

  • R6400

  • R6700

  • R7300

  • R8300

  • WGR614v10

  • WGR614v8

  • WGR614v9

  • WGT624v4

  • WN2500RP

  • WN2500RPv2

  • WN3000RP

  • WN3100RP

  • WN3500RP

  • WNCE3001

  • WNDR3300

  • WNDR3300v2

  • WNDR3400

  • WNDR3400v2

  • WNDR3400v3

  • WNDR3700v3

  • WNDR4000

  • WNDR4500

  • WNDR4500v2

  • WNR1000v3

  • WNR2000v2

  • WNR3500

  • WNR3500L

  • WNR3500v2

  • WNR834Bv2

RISK:

GOVERNMENT:
  • Large and medium government entities: Medium

  • Small government entities: High

BUSINESS:
  • Large and medium business entities: Medium

  • Small business entities: High

Home Users: Medium

Description: 

Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for arbitrary code execution. 

A full list of all vulnerabilities can be found at the references below. 

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute code remotely and gain full control of the affected system. Failed exploit attempts could result in a denial of service condition.

Actions: 
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.

  • After appropriate testing, immediately apply the patch provided by Netgear to vulnerable systems.

  • Monitor intrusion detection systems for any signs of anomalous activity.

  • Unless required, limit external network access to affected products.

  • Until a firmware fix is available for your product, it is recommended that you follow the workaround instructions found in the reference below.

  • Turn off Remote Management on your router or gateway web user interface if you previously turned this feature on.