Jump to content
Sign in to follow this  
Killhippie

Security-Advisory-for-Remote-Kernel-Vulnerabilities on X500/700

Recommended Posts

NETGEAR has released firmware fixes or hotfixes for KCodes NetUSB unauthenticated remote kernel information disclosure and arbitrary memory read security vulnerabilities on the following product models:

XR500 running firmware versions prior to v2.3.2.56

XR700 running firmware versions prior to v1.0.1.18_BETA

D6000 running firmware versions prior to v1.0.0.78

D6400 running firmware versions prior to v1.0.0.88

D7800 running firmware versions prior to v1.0.1.56

DC112A running firmware versions prior to v1.0.0.44        

EX6200 running firmware versions prior to v1.0.3.90         

EX6200v2 running firmware versions prior to v1.0.1.78     

EX8000 running firmware versions prior to v1.0.1.202       

R6250 running firmware versions prior to v1.0.4.38_BETA

R6400 running firmware versions prior to v1.0.1.50

R7300DST running firmware versions prior to v1.0.0.74_BETA

R7500v2 running firmware versions prior to v1.0.3.41_BETA

R7800 running firmware versions prior to v1.0.2.63_BETA

R7900 running firmware versions prior to 1.0.3.14_10.0.40_BETA

R8000 running firmware versions prior to 1.0.4.38_10.1.59_BETA

R8900 running firmware versions prior to v1.0.4.36_BETA

R9000 running firmware versions prior to v1.0.4.36_BETA

WNDR4300v2 running firmware versions prior to v1.0.0.60_BETA          

WNDR4500v3 running firmware versions prior to v1.0.0.60_BETA

The firmware versions that end in “_BETA” are security hotfixes. Security hotfixes are beta firmware created outside of normal development and testing processes. While the hotfixes do fix the security vulnerabilities identified above, they could negatively affect the regular operation of your device. Though our pre-deployment testing process did not indicate that these hotfixes would impact device operability, we always encourage our users to monitor their device closely after installing the firmware hotfix.

NETGEAR strongly recommends that you download the latest firmware fixes or hotfixes for these product models as soon as possible.

CVSS v3 Rating: High

CVSS v3 Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* I would suggest not running older firmware on XR routers unless its just for testing purposes and that you update to version 2.3.2.56 or 1.0.1.18_BETA to be safe

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...