Skip to main content

Netgear Products Remote Code Execution Vulnerability

Release Date: 12 Nov 2021 5429 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability was identified in Netgear Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • EX3700 running firmware versions prior to 1.0.0.94
  • EX3800 running firmware versions prior to 1.0.0.94
  • EX6120 running firmware versions prior to 1.0.0.66
  • EX6130 running firmware versions prior to 1.0.0.66
  • R6400 running firmware versions prior to 1.0.1.76
  • R6400v2 running firmware versions prior to 1.0.4.120
  • R6700v3 running firmware versions prior to 1.0.4.120
  • R6900P running firmware versions prior to 1.3.3.142_HOTFIX
  • R7000 running firmware versions prior to 1.0.11.128
  • R7000P running firmware versions prior to 1.3.3.142_HOTFIX
  • R7100LG running firmware versions prior to 1.0.0.72
  • R7850 running firmware versions prior to 1.0.5.76
  • R7900P running firmware versions prior to 1.4.2.84
  • R7960P running firmware versions prior to 1.4.2.84
  • R8000 running firmware versions prior to 1.0.4.76
  • R8000P running firmware versions prior to 1.4.2.84
  • R8300 running firmware versions prior to 1.0.2.156
  • R8500 running firmware versions prior to 1.0.2.156
  • RAX15 running firmware versions prior to 1.0.4.100
  • RAX20 running firmware versions prior to 1.0.4.100
  • RAX200 running firmware versions prior to 1.0.5.132
  • RAX35v2 running firmware versions prior to 1.0.4.100
  • RAX38v2 running firmware versions prior to 1.0.4.100
  • RAX40v2 running firmware versions prior to 1.0.4.100
  • RAX42 running firmware versions prior to 1.0.4.100
  • RAX43 running firmware versions prior to 1.0.4.100
  • RAX45 running firmware versions prior to 1.0.4.100
  • RAX48 running firmware versions prior to 1.0.4.100
  • RAX50 running firmware versions prior to 1.0.4.100
  • RAX50S running firmware versions prior to 1.0.4.100
  • RAX75 running firmware versions prior to 1.0.5.132
  • RAX80 running firmware versions prior to 1.0.5.132
  • RAXE450 running firmware versions prior to 1.0.8.70
  • RAXE500 running firmware versions prior to 1.0.8.70
  • RS400 running firmware versions prior to 1.5.1.80
  • WNDR3400v3 running firmware versions prior to 1.0.1.42
  • WNR3500Lv2 running firmware versions prior to 1.2.0.70
  • XR300 running firmware versions prior to 1.0.3.68
  • D6220 running firmware versions prior to 1.0.0.76
  • D6400 running firmware versions prior to 1.0.0.108
  • D7000v2 running firmware versions prior to 1.0.0.76
  • DGN2200v4 running firmware versions prior to 1.0.0.126
  • DC112A running firmware versions prior to 1.0.0.62
  • CAX80 running firmware versions prior to 2.1.3.5

Solutions

Before installation of the software, please visit the vendor's web-site for more details.

 

  • Apply fixes issued by the vendor:
  • Upgrade EX3700 firmware to version 1.0.0.94
  • Upgrade EX3800 firmware to version 1.0.0.94
  • Upgrade EX6120 firmware to version 1.0.0.66
  • Upgrade EX6130 firmware to version 1.0.0.66
  • Upgrade R6400 firmware to version 1.0.1.76
  • Upgrade R6400v2 firmware to version 1.0.4.120
  • Upgrade R6700v3 firmware to version 1.0.4.120
  • Upgrade R6900P firmware to version 1.3.3.142_HOTFIX
  • Upgrade R7000 firmware to version 1.0.11.128
  • Upgrade R7000P firmware to version 1.3.3.142_HOTFIX
  • Upgrade R7100LG firmware to version 1.0.0.72
  • Upgrade R7850 firmware to version 1.0.5.76
  • Upgrade R7900P firmware to version 1.4.2.84
  • Upgrade R7960P firmware to version 1.4.2.84
  • Upgrade R8000 firmware to version 1.0.4.76
  • Upgrade R8000P firmware to version 1.4.2.84
  • Upgrade R8300 firmware to version 1.0.2.156
  • Upgrade R8500 firmware to version 1.0.2.156
  • Upgrade RAX15 firmware to version 1.0.4.100
  • Upgrade RAX20 firmware to version 1.0.4.100
  • Upgrade RAX200 firmware to version 1.0.5.132
  • Upgrade RAX35v2 firmware to version 1.0.4.100
  • Upgrade RAX38v2 firmware to version 1.0.4.100
  • Upgrade RAX40v2 firmware to version 1.0.4.100
  • Upgrade RAX42 firmware to version 1.0.4.100
  • Upgrade RAX43 firmware to version 1.0.4.100
  • Upgrade RAX45 firmware to version 1.0.4.100
  • Upgrade RAX48 firmware to version 1.0.4.100
  • Upgrade RAX50 firmware to version 1.0.4.100
  • Upgrade RAX50S firmware to version 1.0.4.100
  • Upgrade RAX75 firmware to version 1.0.5.132
  • Upgrade RAX80 firmware to version 1.0.5.132
  • Upgrade RAXE450 firmware to version 1.0.8.70
  • Upgrade RAXE500 firmware to version 1.0.8.70
  • Upgrade RS400 firmware to version 1.5.1.80
  • Upgrade WNDR3400v3 firmware to version 1.0.1.42
  • Upgrade WNR3500Lv2 firmware to version 1.2.0.70
  • Upgrade XR300 firmware to version 1.0.3.68
  • Upgrade D6220 firmware to version 1.0.0.76
  • Upgrade D6400 firmware to version 1.0.0.108
  • Upgrade D7000v2 firmware to version 1.0.0.76
  • Upgrade DGN2200v4 firmware to version 1.0.0.126
  • Upgrade DC112A firmware to version 1.0.0.62
  • Upgrade CAX80 firmware to version 2.1.3.5
  • https://kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168#

Vulnerability Identifier

CVE-2021-34991


Source


Related Link