Alxhh

**Name of the Vulnerable Software and Affected Versions** D7800 versions 1.0.1.64 and earlier EX6200v2 versions 1.0.1.86 and earlier EX6250 versions 1.0.0.134 and earlier EX7700 versions 1.0.0.216 and earlier EX8000 versions 1.0.1.232 and earlier LBR20 versions 2.6.3.50 and earlier R7800 versions 1.0.2.80 and earlier R8900 versions 1.0.5.26 and earlier R9000 versions 1.0.5.26 and earlier RAX120 versions 1.2.0.16 and earlier RBS50Y versions 1.0.0.56 and earlier WNR2000v5 versions 1.0.0.76 and earlier XR450 versions 2.3.2.114 and earlier XR500 versions 2.3.2.114 and earlier XR700 versions 1.0.1.36 and earlier EX6150v2 versions 1.0.1.98 and earlier EX7300 versions 1.0.2.158 and earlier EX7320 versions 1.0.0.134 and earlier EX6100v2 versions 1.0.1.98 and earlier EX6400 versions 1.0.2.158 and earlier EX7300v2 versions 1.0.0.134 and earlier EX6410 versions 1.0.0.134 and earlier RBR10 versions 2.6.1.44 and earlier RBR20 versions 2.6.2.104 and earlier RBR40 versions 2.6.2.104 and earlier RBR50 versions 2.7.2.102 and earlier EX6420 versions 1.0.0.134 and earlier RBS10 versions 2.6.1.44 and earlier RBS20 versions 2.6.2.104 and earlier RBS40 versions 2.6.2.104 and earlier RBS50 versions 2.7.2.102 and earlier EX6400v2 versions 1.0.0.134 and earlier RBK12 versions 2.6.1.44 and earlier RBK20 versions 2.6.2.104 and earlier RBK40 versions 2.6.2.104 and earlier RBK50 versions 2.7.2.102 and earlier **Description** The issue is related to command injection by an unauthenticated attacker due to insufficient input data cleaning. This allows a remote attacker to execute arbitrary commands. **Recommendations** Update D7800 to version 1.0.1.64 or later. Update EX6200v2 to version 1.0.1.86 or later. Update EX6250 to version 1.0.0.134 or later. Update EX7700 to version 1.0.0.216 or later. Update EX8000 to version 1.0.1.232 or later. Update LBR20 to version 2.6.3.50 or later. Update R7800 to version 1.0.2.80 or later. Update R8900 to version 1.0.5.26 or later. Update R9000 to version 1.0.5.26 or later. Update RAX120 to version 1.2.0.16 or later. Update RBS50Y to version 1.0.0.56 or later. Update WNR2000v5 to version 1.0.0.76 or later. Update XR450 to version 2.3.2.114 or later. Update XR500 to version 2.3.2.114 or later. Update XR700 to version 1.0.1.36 or later. Update EX6150v2 to version 1.0.1.98 or later. Update EX7300 to version 1.0.2.158 or later. Update EX7320 to version 1.0.0.134 or later. Update EX6100v2 to version 1.0.1.98 or later. Update EX6400 to version 1.0.2.158 or later. Update EX7300v2 to version 1.0.0.134 or later. Update EX6410 to version 1.0.0.134 or later. Update RBR10 to version 2.6.1.44 or later. Update RBR20 to version 2.6.2.104 or later. Update RBR40 to version 2.6.2.104 or later. Update RBR50 to version 2.7.2.102 or later. Update EX6420 to version 1.0.0.134 or later. Update RBS10 to version 2.6.1.44 or later. Update RBS20 to version 2.6.2.104 or later. Update RBS40 to version 2.6.2.104 or later. Update RBS50 to version 2.7.2.102 or later. Update EX6400v2 to version 1.0.0.134 or later. Update RBK12 to version 2.6.1.44 or later. Update RBK20 to version 2.6.2.104 or later. Update RBK40 to version 2.6.2.104 or later. Update RBK50 to version 2.7.2.102 or later.

**Name of the Vulnerable Software and Affected Versions** D7800 versions prior to 1.0.1.64 EX6250 versions prior to 1.0.0.134 EX7700 versions prior to 1.0.0.222 LBR20 versions prior to 2.6.3.50 RBS50Y versions prior to 2.7.3.22 R8900 versions prior to 1.0.5.26 R9000 versions prior to 1.0.5.26 XR450 versions prior to 2.3.2.66 XR500 versions prior to 2.3.2.66 XR700 versions prior to 1.0.1.36 EX7320 versions prior to 1.0.0.134 RAX120 versions prior to 1.2.2.24 EX7300v2 versions prior to 1.0.0.134 RAX120v2 versions prior to 1.2.2.24 EX6410 versions prior to 1.0.0.134 RBR10 versions prior to 2.7.3.22 RBR20 versions prior to 2.7.3.22 RBR40 versions prior to 2.7.3.22 RBR50 versions prior to 2.7.3.22 EX6420 versions prior to 1.0.0.134 RBS10 versions prior to 2.7.3.22 RBS20 versions prior to 2.7.3.22 RBS40 versions prior to 2.7.3.22 RBS50 versions prior to 2.7.3.22 EX6400v2 versions prior to 1.0.0.134 RBK12 versions prior to 2.7.3.22 RBK20 versions prior to 2.7.3.22 RBK40 versions prior to 2.7.3.22 RBK50 versions prior to 2.7.3.22 **Description** The issue is related to incorrect configuration of security settings in certain NETGEAR devices. This may allow a remote attacker to impact the integrity, availability, and confidentiality of protected information. **Recommendations** Update D7800 to version 1.0.1.64 or later Update EX6250 to version 1.0.0.134 or later Update EX7700 to version 1.0.0.222 or later Update LBR20 to version 2.6.3.50 or later Update RBS50Y to version 2.7.3.22 or later Update R8900 to version 1.0.5.26 or later Update R9000 to version 1.0.5.26 or later Update XR450 to version 2.3.2.66 or later Update XR500 to version 2.3.2.66 or later Update XR700 to version 1.0.1.36 or later Update EX7320 to version 1.0.0.134 or later Update RAX120 to version 1.2.2.24 or later Update EX7300v2 to version 1.0.0.134 or later Update RAX120v2 to version 1.2.2.24 or later Update EX6410 to version 1.0.0.134 or later Update RBR10 to version 2.7.3.22 or later Update RBR20 to version 2.7.3.22 or later Update RBR40 to version 2.7.3.22 or later Update RBR50 to version 2.7.3.22 or later Update EX6420 to version 1.0.0.134 or later Update RBS10 to version 2.7.3.22 or later Update RBS20 to version 2.7.3.22 or later Update RBS40 to version 2.7.3.22 or later Update RBS50 to version 2.7.3.22 or later Update EX6400v2 to version 1.0.0.134 or later Update RBK12 to version 2.7.3.22 or later Update RBK20 to version 2.7.3.22 or later Update RBK40 to version 2.7.3.22 or later Update RBK50 to version 2.7.3.22 or later

**Name of the Vulnerable Software and Affected Versions** NETGEAR RBK352 versions prior to 4.4.0.10 NETGEAR RBR350 versions prior to 4.4.0.10 NETGEAR RBS350 versions prior to 4.4.0.10 **Description** The issue is related to a hardcoded password in certain NETGEAR devices. This allows a remote attacker to gain unauthorized access to protected information. **Recommendations** For NETGEAR RBK352 versions prior to 4.4.0.10, update to version 4.4.0.10 or later. For NETGEAR RBR350 versions prior to 4.4.0.10, update to version 4.4.0.10 or later. For NETGEAR RBS350 versions prior to 4.4.0.10, update to version 4.4.0.10 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R7000 versions prior to 1.0.11.126 NETGEAR R6900P versions prior to 1.3.2.126 NETGEAR R7000P versions prior to 1.3.2.126 **Description** The issue is related to command injection by an authenticated user due to a lack of input data sanitization in the embedded software of NETGEAR routers. This allows a remote attacker to execute arbitrary commands. **Recommendations** For NETGEAR R7000 versions prior to 1.0.11.126, update to version 1.0.11.126 or later. For NETGEAR R6900P versions prior to 1.3.2.126, update to version 1.3.2.126 or later. For NETGEAR R7000P versions prior to 1.3.2.126, update to version 1.3.2.126 or later.