1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Netgear Orbi routers have some troubling security issues, so patc

    From TechnologyDaily@1337:1/100 to All on Thu Mar 23 16:15:03 2023
    Netgear Orbi routers have some troubling security issues, so patch now

    Date:
    Thu, 23 Mar 2023 16:05:35 +0000

    Description:
    Three of the four vulnerabilities troubling Orbi RBR750/RBS750 nodes have
    been fixed, with a fourth coming soon.

    FULL STORY ======================================================================

    If you own a Netgear Orbi RBR750/RBS750 networking devices, then youll want
    to make sure youre running the latest firmware to stay clear of some pretty alarming security vulnerabilities.

    Experts from Cisco Talos , ironically part of one of Netgear's biggest
    rivals, revealed that three of the four vulnerabilities have since been patched, including one critical issue that was awarded a score of 9.1 out of 10.

    However, one (less severe) issue remains at large. Netgear Orbi security vulnerabilities

    The most significant finding - CVE-2022-37337 - has luckily been patched. According to Talos, the access control functionality of the Orbi RBR750
    allows a user to explicitly add devices (specified by MAC address and a hostname) to allow or block the specified device when attempting to access
    the network.

    Many were reasonably safe from attacks because the hacker would have needed
    to gain access to the device, primarily leaving unprotected networks at risk, however even some protected networks may have been exposed due to weak SSID passwords. Read more

    These are the best endpoint protection tools around


    Netgear Wi-Fi routers need to be patched immediately


    This Netgear Orbi firmware update actually locked out users

    A further two issues existed, though as above, they have been issued a patch. The fourth issue, which remains unfixed, is specific to the router node meaning that even Orbi users who have not rolled out the full mesh Wi-Fi 6 setup are at risk. The Talos summary reads:

    A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.

    Enabling automatic updates is sensible to help prevent attacks, however sometimes critical vulnerabilities come around and require a more proactive approach. Manually checking for an update can help make sure that it hasnt been missed, or is not scheduled for a future installation. Protect yourself with the best firewalls



    ======================================================================
    Link to news story: https://www.techradar.com/news/netgear-orbi-routers-have-some-troubling-securi ty-issues-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)