Netgear 產品多個漏洞
發佈日期: 2023年03月23日
風險: 高度風險
類型: 操作系統 - Network
於 Netgear 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發遠端執行任意程式碼及敏感資料洩露。
注意:
CVE-2022-36429、CVE-2022-37337、CVE-2022-38452 及 CVE-2022-38458 的概念驗證碼已被公開。
影響
- 遠端執行程式碼
- 資料洩露
受影響之系統或技術
- NETGEAR Orbi Mesh Router RBR750
- NETGEAR Orbi Mesh Router RBR840
- NETGEAR Orbi Mesh Router RBR850
- NETGEAR Orbi Mesh Router RBR860
- NETGEAR Orbi Mesh Router RBRE950
- NETGEAR Orbi Mesh Router RBRE960
- NETGEAR Orbi Mesh Router RBS750
- NETGEAR Orbi Mesh Router RBS840
- NETGEAR Orbi Mesh Router RBS850
- NETGEAR Orbi Mesh Router RBS860
- NETGEAR Orbi Mesh Router RBSE950
- NETGEAR Orbi Mesh Router RBSE960
詳情請參閱以下連結﹕
- https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
- https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
- https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
- https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
- 安裝供應商提供的修補程式:
- https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
- https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
- https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
- https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
漏洞識別碼
資料來源
相關連結
- https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
- https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
- https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
- https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
- https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1597
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1598
沒有留言:
發佈留言