Whilst we don’t supply Netgear routers, we know that a number of our customers use them, so wanted to ensure you were aware of potential vulnerabilities that need to be addressed via a firmware update.
The list of (so far) affected models is below. You or your IT specialist should ensure that you update as soon as possible to mitigate any risks.
List of NETGEAR Routers At Risk
The Five Vulnerabilities
TWSL2018-002: Password Recovery and File Access
Some routers allow arbitrary file reading from the device provided that the path to file is known. Total of 17 products are affected.
TWSL2018-003: Finding 1: Post-Authentication Command Injection
This one affects six products and reflects a root level OS command execution via the device_name parameter on the lan.cgi page, although the attack requires authentication.
TWSL2018-003: Finding 2: Authentication Bypass
This also affects large set of products (17) and is trivial to exploit. Authentication is bypassed if “&genie=1” is found within the query string.
TWSL2018-003: Chained Attack: Command Injection
This is a three-stage attack leveraging three separate issues: CSRF token recovery vulnerability and the two findings in TWSL2018-003. As a result, any user connected to the router can run OS commands as root on the device without providing any credentials.
TWSL2018-004: Command Injection Vulnerability on D7000, EX6200v2 and Some Routers
Only 6 products are affected, this allows to run OS commands as root during short time window when WPS is activated.