NETGEAR.NightHawk.CGI.Command.Injection
Description
This indicates an attack attempt to exploit a Remote Code Execution attack on Netgear Nighthawk routers.
The vulnerability is due to command injection issue in CGI handler. The CGI handler allows attacker to set arbitrary device name into NVRAM that could lead to arbitrary system command execution.
Affected Products
D6220, running firmware versions prior to 1.0.0.48
D6400, running firmware versions prior to 1.0.0.82
D7000v2, running firmware versions prior to 1.0.0.52
D8500, running firmware versions prior to 1.0.3.43
R6250, running firmware versions prior to 1.0.4.34
R6400, running firmware versions prior to 1.0.1.44
R6400v2, running firmware versions prior to 1.0.2.62
R7100LG, running firmware versions prior to 1.0.0.48
R7300DST, running firmware versions prior to 1.0.0.68
R7900, running firmware versions prior to 1.0.3.8
R7900P, running firmware versions prior to 1.4.1.30
R8000, running firmware versions prior to 1.0.4.28
R8000P, running firmware versions prior to 1.4.1.30
R8300, running firmware versions prior to 1.0.2.128
R8500, running firmware versions prior to 1.0.2.128
Impact
System Compromise: Remote attackers can gain control of vulnerable systems
Recommended Actions
Refer to the vendor's advisory for updates:
https://kb.netgear.com/000061210/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0195
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |