DatabaseJase
Oct 28, 2020 Luminary
RBR50 / RBS50 Firmware Version 2.6.1.40
Available here: RBR50 / RBS50 Firmware Version 2.6.1.40 | Answer | NETGEAR Support New Features and Enhancements: Supports HTTPS on the LAN Security Fixes: Fixes security issues When ther...
vajim
Feb 23, 2021 Master
alokeprasad
Feb 23, 2021 Mentor
This is a rare instance when NG has documented a problem and the fix for it. Let's not fight it.
Making users aware of this is a good thing. This way, users can look up the details of the security issue, decide how serious it is, and whether to update their firmware to 2.6.1.40 or newer (for RBK50's).
security_advisory_for_unauthenticated_command
https://nvd.nist.gov/vuln/detail/CVE-2020-27861
"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076"
NIST severity score = 8.8/10 (High)
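The CVE text quoted in the post above describes a system call composed from the DHCP Host Name option. The following is an added example, not part of the original post and not NETGEAR's code: a generic defensive pattern that walks the DHCP options field, bounds-checks option 12, and accepts only RFC 1123 style host names. The function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample option buffers (not captured traffic). */
const unsigned char SAMPLE_OK[]    = {53, 1, 3, 12, 7, 'l','a','p','t','o','p','1', 255};
const unsigned char SAMPLE_BAD[]   = {12, 5, 'p','c',';','i','d', 255};
const unsigned char SAMPLE_TRUNC[] = {12, 20, 'a', 'b'};

/* Allow only letters, digits, '-' and '.'; labels are 1..63 bytes and
 * must not start or end with '-'. Everything else is rejected. */
static int hostname_is_safe(const unsigned char *s, size_t len)
{
    size_t label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = s[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0;
            label = 0;
        } else if (alnum || c == '-') {
            if (c == '-' && label == 0) return 0;
            if (++label > 63) return 0;
        } else return 0;  /* shell metacharacters, spaces, NUL, high bytes */
    }
    return label > 0 && s[len - 1] != '-';
}

/* Walk the code/length/value options. Returns 0 and fills `out` with a
 * NUL-terminated name, or -1 if option 12 is absent, truncated or unsafe. */
int dhcp_get_hostname(const unsigned char *opts, size_t n, char *out, size_t outsz)
{
    size_t i = 0;
    while (i < n) {
        unsigned char code = opts[i++];
        if (code == 0) continue;             /* pad option */
        if (code == 255) break;              /* end option */
        if (i >= n) return -1;               /* missing length byte */
        size_t len = opts[i++];
        if (len > n - i) return -1;          /* value runs past the buffer */
        if (code == 12) {                    /* Host Name option */
            if (len >= outsz || !hostname_is_safe(opts + i, len)) return -1;
            memcpy(out, opts + i, len);
            out[len] = '\0';
            return 0;
        }
        i += len;
    }
    return -1;
}
```

Even after validation, a value like this is safer passed as a separate argument to an exec-style call than concatenated into a shell command string.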
- vajim Feb 23, 2021 Master
alokeprasad wrote: This is a rare instance when NG has documented a problem and the fix for it. Let's not fight it.
Show me where this was a problem with casualties and how they fixed it.
- alokeprasad Feb 23, 2021 Mentor
I'm applauding NG's documenting the otherwise unspecified "security issues".
Getting more details about the issues takes time and effort.