WARNING: MULTIPLE VULNERABILITIES IN NETGEAR ORBI ROUTERS (1 CRITICAL, 2 HIGH), PATCH IMMEDIATELY!
Cisco Talos researchers published proof-of-concept (PoC) exploits for multiple vulnerabilities in Netgear’s Orbi 750 series router and extender satellites.
Netgear Orbi are mesh Wi-Fi systems designed to provide reliable Wi-Fi coverage for home or business users. The system consists of a main router and multiple satellite units that work together to create a seamless Wi-Fi network that can cover a wide area.
Three of the vulnerabilities could lead to arbitrary command execution; the fourth can lead to a man-in-the-middle attack.
Netgear released a firmware patch on January 19, 2023, and is not aware of attacks in the wild exploiting these flaws.
Cisco also released Snort rules (60474 – 60477 and 60499) to detect exploitation attempts against these vulnerabilities.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. If you have already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident
CVE-2022-37337 is a critical command execution vulnerability that an attacker can trigger by sending a specially crafted HTTP request. Exploitation requires an established foothold on the victim’s network as a prerequisite.
CVE-2022-36429 and CVE-2022-38452 are both arbitrary command execution vulnerabilities. CVE-2022-36429 requires an adversary to craft a special JSON object, whilst CVE-2022-38452 requires a specially crafted network request to be exploited.
CVE-2022-38458 can facilitate a man-in-the-middle attack and, unlike the previously mentioned vulnerabilities, does not require any privileges.