Joel St. John

Name of the Vulnerable Software and Affected Versions: NETGEAR EX3700 versions prior to 1.0.0.90 NETGEAR EX3800 versions prior to 1.0.0.90 NETGEAR EX6120 versions prior to 1.0.0.64 NETGEAR EX6130 versions prior to 1.0.0.44 Description: The issue is related to Cross-Site Request Forgery (CSRF), which is a type of attack that tricks a user into performing unintended actions on a web application. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Recommendations: For NETGEAR EX3700 versions prior to 1.0.0.90, update to version 1.0.0.90 or later. For NETGEAR EX3800 versions prior to 1.0.0.90, update to version 1.0.0.90 or later. For NETGEAR EX6120 versions prior to 1.0.0.64, update to version 1.0.0.64 or later. For NETGEAR EX6130 versions prior to 1.0.0.44, update to version 1.0.0.44 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR D6200 versions 1.1.00.37 and earlier NETGEAR D7000 versions 1.0.1.77 and earlier NETGEAR JR6150 versions 1.0.1.23 and earlier NETGEAR R6020 versions 1.0.0.41 and earlier NETGEAR R6050 versions 1.0.1.23 and earlier NETGEAR R6080 versions 1.0.0.41 and earlier NETGEAR R6120 versions 1.0.0.65 and earlier NETGEAR R6220 versions 1.1.0.99 and earlier NETGEAR R6260 versions 1.1.0.63 and earlier NETGEAR R6700v2 versions 1.2.0.61 and earlier NETGEAR R6800 versions 1.2.0.61 and earlier NETGEAR R6900v2 versions 1.2.0.61 and earlier NETGEAR R7450 versions 1.2.0.61 and earlier NETGEAR WNR2020 versions 1.1.0.61 and earlier **Description** The issue affects certain NETGEAR devices, allowing command injection by an authenticated user. **Recommendations** For NETGEAR D6200 version 1.1.00.37 and earlier, update to version 1.1.00.38 or later. For NETGEAR D7000 version 1.0.1.77 and earlier, update to version 1.0.1.78 or later. For NETGEAR JR6150 version 1.0.1.23 and earlier, update to version 1.0.1.24 or later. For NETGEAR R6020 version 1.0.0.41 and earlier, update to version 1.0.0.42 or later. For NETGEAR R6050 version 1.0.1.23 and earlier, update to version 1.0.1.24 or later. For NETGEAR R6080 version 1.0.0.41 and earlier, update to version 1.0.0.42 or later. For NETGEAR R6120 version 1.0.0.65 and earlier, update to version 1.0.0.66 or later. For NETGEAR R6220 version 1.1.0.99 and earlier, update to version 1.1.0.100 or later. For NETGEAR R6260 version 1.1.0.63 and earlier, update to version 1.1.0.64 or later. For NETGEAR R6700v2 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR R6800 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR R6900v2 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR R7450 version 1.2.0.61 and earlier, update to version 1.2.0.62 or later. For NETGEAR WNR2020 version 1.1.0.61 and earlier, update to version 1.1.0.62 or later.

Name of the Vulnerable Software and Affected Versions: NETGEAR D6100 versions prior to 1.0.0.55 NETGEAR D7800 versions prior to V1.0.1.24 NETGEAR R7100LG versions prior to V1.0.0.32 NETGEAR WNDR4300v1 versions prior to 1.0.2.90 NETGEAR WNDR4500v3 versions prior to 1.0.0.48 Description: The issue is related to the incorrect configuration of security settings in certain NETGEAR devices. Recommendations: For NETGEAR D6100 version prior to 1.0.0.55, update to version 1.0.0.55 or later. For NETGEAR D7800 version prior to V1.0.1.24, update to version V1.0.1.24 or later. For NETGEAR R7100LG version prior to V1.0.0.32, update to version V1.0.0.32 or later. For NETGEAR WNDR4300v1 version prior to 1.0.2.90, update to version 1.0.2.90 or later. For NETGEAR WNDR4500v3 version prior to 1.0.0.48, update to version 1.0.0.48 or later.

Name of the Vulnerable Software and Affected Versions: NETGEAR D6220 versions prior to V1.0.0.28 NETGEAR D6400 versions prior to V1.0.0.60 NETGEAR D8500 versions prior to V1.0.3.29 NETGEAR DGN2200v4 versions prior to 1.0.0.82 NETGEAR DGN2200Bv4 versions prior to 1.0.0.82 NETGEAR R6300v2 versions prior to 1.0.4.8 NETGEAR R6400 versions prior to 1.0.1.20 NETGEAR R6700 versions prior to 1.0.1.20 NETGEAR R6900 versions prior to 1.0.1.20 NETGEAR R7000 versions prior to 1.0.7.10 NETGEAR R7100LG versions prior to V1.0.0.32 NETGEAR R7300DST versions prior to 1.0.0.52 NETGEAR R7900 versions prior to 1.0.1.16 NETGEAR R8000 versions prior to 1.0.3.36 NETGEAR R8300 versions prior to 1.0.2.94 NETGEAR R8500 versions prior to 1.0.2.94 NETGEAR WNDR3400v3 versions prior to 1.0.1.12 NETGEAR WNR3500Lv2 versions prior to 1.2.0.40 Description: The issue is related to administrative password disclosure in certain NETGEAR devices. Recommendations: Update D6220 to version V1.0.0.28 or later. Update D6400 to version V1.0.0.60 or later. Update D8500 to version V1.0.3.29 or later. Update DGN2200v4 to version 1.0.0.82 or later. Update DGN2200Bv4 to version 1.0.0.82 or later. Update R6300v2 to version 1.0.4.8 or later. Update R6400 to version 1.0.1.20 or later. Update R6700 to version 1.0.1.20 or later. Update R6900 to version 1.0.1.20 or later. Update R7000 to version 1.0.7.10 or later. Update R7100LG to version V1.0.0.32 or later. Update R7300DST to version 1.0.0.52 or later. Update R7900 to version 1.0.1.16 or later. Update R8000 to version 1.0.3.36 or later. Update R8300 to version 1.0.2.94 or later. Update R8500 to version 1.0.2.94 or later. Update WNDR3400v3 to version 1.0.1.12 or later. Update WNR3500Lv2 to version 1.2.0.40 or later.

Name of the Vulnerable Software and Affected Versions: NETGEAR R6100 versions prior to 1.0.1.12 NETGEAR R7500 versions prior to 1.0.0.108 NETGEAR WNDR3700v4 versions prior to 1.0.2.86 NETGEAR WNDR4300v1 versions prior to 1.0.2.88 NETGEAR WNDR4300v2 versions prior to 1.0.0.48 NETGEAR WNDR4500v3 versions prior to 1.0.0.48 NETGEAR WNR2000v5 versions prior to 1.0.0.42 Description: Certain NETGEAR devices are affected by a Cross-Site Request Forgery (CSRF) issue. This allows an attacker to perform actions on behalf of a user without their knowledge or consent. Recommendations: For NETGEAR R6100 version prior to 1.0.1.12, update to version 1.0.1.12 or later. For NETGEAR R7500 version prior to 1.0.0.108, update to version 1.0.0.108 or later. For NETGEAR WNDR3700v4 version prior to 1.0.2.86, update to version 1.0.2.86 or later. For NETGEAR WNDR4300v1 version prior to 1.0.2.88, update to version 1.0.2.88 or later. For NETGEAR WNDR4300v2 version prior to 1.0.0.48, update to version 1.0.0.48 or later. For NETGEAR WNDR4500v3 version prior to 1.0.0.48, update to version 1.0.0.48 or later. For NETGEAR WNR2000v5 version prior to 1.0.0.42, update to version 1.0.0.42 or later.

Name of the Vulnerable Software and Affected Versions: D6100 versions prior to V1.0.0.55 D7000 versions prior to V1.0.1.50 D7800 versions prior to V1.0.1.24 JNR1010v2 versions prior to 1.1.0.40 JWNR2010v5 versions prior to 1.1.0.40 R6100 versions prior to 1.0.1.12 R6220 versions prior to 1.1.0.50 R7500 versions prior to 1.0.0.108 R7500v2 versions prior to 1.0.3.10 WNDR4300v1 versions prior to 1.0.2.88 WNDR4300v2 versions prior to 1.0.0.48 WNDR4500v3 versions prior to 1.0.0.48 WNR1000v4 versions prior to 1.1.0.40 WNR2000v5 versions prior to 1.0.0.42 WNR2020 versions prior to 1.1.0.40 WNR2050 versions prior to 1.1.0.40 Description: Certain NETGEAR devices are affected by authentication bypass. Recommendations: As a temporary workaround, consider disabling authentication for the affected devices until a patch is available. For D6100, update to V1.0.0.55 or later. For D7000, update to V1.0.1.50 or later. For D7800, update to V1.0.1.24 or later. For JNR1010v2, update to 1.1.0.40 or later. For JWNR2010v5, update to 1.1.0.40 or later. For R6100, update to 1.0.1.12 or later. For R6220, update to 1.1.0.50 or later. For R7500, update to 1.0.0.108 or later. For R7500v2, update to 1.0.3.10 or later. For WNDR4300v1, update to 1.0.2.88 or later. For WNDR4300v2, update to 1.0.0.48 or later. For WNDR4500v3, update to 1.0.0.48 or later. For WNR1000v4, update to 1.1.0.40 or later. For WNR2000v5, update to 1.0.0.42 or later. For WNR2020, update to 1.1.0.40 or later. For WNR2050, update to 1.1.0.40 or later.

Name of the Vulnerable Software and Affected Versions: NETGEAR R6050/JR6150 versions prior to 1.0.1.7 NETGEAR PR2000 versions prior to 1.0.0.17 NETGEAR R6220 versions prior to 1.1.0.50 NETGEAR WNDR3700v5 versions prior to 1.1.0.48 NETGEAR JNR1010v2 versions prior to 1.1.0.40 NETGEAR JWNR2010v5 versions prior to 1.1.0.40 NETGEAR WNR1000v4 versions prior to 1.1.0.40 NETGEAR WNR2020 versions prior to 1.1.0.40 NETGEAR WNR2050 versions prior to 1.1.0.40 NETGEAR WNR614 versions prior to 1.1.0.40 NETGEAR WNR618 versions prior to 1.1.0.40 NETGEAR D7000 versions prior to 1.0.1.50 Description: Certain NETGEAR devices are affected by a CSRF issue. Recommendations: For NETGEAR R6050/JR6150 versions prior to 1.0.1.7, update to version 1.0.1.7 or later. For NETGEAR PR2000 versions prior to 1.0.0.17, update to version 1.0.0.17 or later. For NETGEAR R6220 versions prior to 1.1.0.50, update to version 1.1.0.50 or later. For NETGEAR WNDR3700v5 versions prior to 1.1.0.48, update to version 1.1.0.48 or later. For NETGEAR JNR1010v2 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR JWNR2010v5 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR WNR1000v4 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR WNR2020 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR WNR2050 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR WNR614 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR WNR618 versions prior to 1.1.0.40, update to version 1.1.0.40 or later. For NETGEAR D7000 versions prior to 1.0.1.50, update to version 1.0.1.50 or later.