CVE-2022-38452

Name of the Vulnerable Software and Affected Versions Netgear Orbi Router RBR750 version 4.6.8.5

Description A command execution issue exists in the hidden telnet service functionality. This can be exploited by sending a specially-crafted network request, potentially allowing an attacker to execute arbitrary commands. The issue is related to the use of the Blowfish cryptographic algorithm in the crypt 64bit up/down() function.

Recommendations For Netgear Orbi Router RBR750 version 4.6.8.5, consider disabling the hidden telnet service functionality until a patch is available. Restrict access to the UDP port 23 to minimize the risk of exploitation. Avoid using the vulnerable crypt 64bit up/down() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.