Vulnerabilities in Netgear routers exposed

Netgear Orbi Vulnerabilities Discovered and Fixed by Manufacturer

Cisco Talos, a cybersecurity research team, has discovered vulnerabilities in Netgear Orbi, a popular home mesh system. The team published proof-of-concept (PoC) exploits for the vulnerabilities in the Netgear Orbi 750 router and Netgear Orbi satellites. The flaws were fixed by the manufacturer on August 30th, 2022.

The Netgear Orbi system provides reliable coverage and high throughput for up to 40 simultaneously connected devices over an area of 465-1160 square meters. The vulnerabilities uncovered by Cisco Talos include a remote code execution (RCE) vulnerability in the access control function of the Netgear Orbi router. By sending an HTTP request, an attacker with access to a vulnerable router’s public administrator console could execute arbitrary commands on the device.

There was also a vulnerability in the Telnet service; exploiting it requires valid credentials and a MAC address. Although the manufacturer released a firmware update in January 2023, the flaw in the Telnet service has not been fixed, and users are advised to update to the latest version (4.6.14.3).

A vulnerability was also identified in the Netgear Orbi Satellite, the device that connects to the router to extend network coverage. An attacker could exploit it by sending a sequence of specially crafted JSON objects to the device; a successful attack requires an administrator token.

Another vulnerability, CVE-2022-38458, affects the remote management functionality of the Netgear Orbi router and allows man-in-the-middle (MITM) attacks that can lead to the disclosure of confidential information. At the time of disclosure by Cisco, no active exploitation of the above vulnerabilities was known. However, given the availability of the PoC for CVE-2022-37337, attackers may look for misconfigured, publicly accessible routers to exploit.

The good news is that these exploits require local access and valid credentials or access to the public administrator console, which makes them difficult for attackers to pull off. Users are advised to update their routers’ firmware to the latest version, released on January 19th, 2023, to avoid these vulnerabilities.
