Posts: 919 +35
Security Alert: Routers can be an easily forgotten security risk because users don't directly interact with them every day despite their central role in networking. A newly publicized set of vulnerabilities present the latest of multiple security incidents that have recently hit routers, particularly those from Netgear.
Security researchers at Cisco Talos have published four vulnerabilities affecting Netgear Orbi mesh wireless systems. The device's latest firmware resolves three of the issues, but the fourth remains a threat, so users should keep checking for further updates.
Three of the exploits, including the unresolved one, affect the main Orbi router. A fourth impacts the satellites that extend the router's WiFi signal range when installed in large buildings. Talos highlights the Orbi Satellite RBS750 as a specific affected model, while Netgear lists that device along with several others.
The satellite vulnerability, designated TALOS-2022-1596 (CVE-2022-37337), allows arbitrary command execution if an attacker sends a specific HTTP request. Two other vulnerabilities allow an attacker to execute arbitrary code in the main router through different means.
TALOS-2022-1595 (CVE-2022-38452) requires a custom-tailored network request, while TALOS-2022-1597 (CVE-2022-36429) works through a JSON object. Finally, TALOS-2022-1598 (CVE-2022-38458) lets a hacker perform a man-in-the-middle attack to get sensitive information from the main router's Web Services Management tool.
Updating the firmware should protect against issues 1596, 1597, and 1598. However, Netgear has yet to resolve 1595 – the main router vulnerability involving the network request.
Netgear says the resolved exploits, which it details under different names from Talos' warning, require a hacker to either log into the WiFi network or have physical ethernet access. This means attackers can only use the vulnerabilities wirelessly with the network password or through an unsecured network. Furthermore, the command execution issues require admin credentials, meaning a malicious actor would have to log into the router's control panel.
To download the latest firmware, head to the company's support page and search for your router's model number. Then, select Downloads > Current Versions, and select the first item with "Firmware Version" in the title. Click "Release Notes" and follow the instructions from there.
Users should also check Netgear's main security update page, which contains many other advisories detailing vulnerabilities in other products from this month. Over two dozen alerts appeared on December 28 alone, so those who haven't upgraded their Netgear router's firmware at all in 2023 should do so ASAP.