PT-2023-2286 · NetGear · Netgear Orbi Satellite Rbs750

Dave Mcdaniel · Published 2023-03-21 · Updated 2023-03-29 · CVE-2022-36429

CVSS v2.0: 8.3 High

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Netgear Orbi Satellite RBS750 version 4.6.8.5

Description

A command execution vulnerability exists in the ubus backend communications functionality. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. The issue is also related to the presence of undocumented commands, which can be exploited by a remote attacker to execute arbitrary commands using a specially crafted packet.

Recommendations

For Netgear Orbi Satellite RBS750 version 4.6.8.5, consider disabling the ubus backend communications functionality until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Hidden Functionality

Weakness Enumeration

Related Identifiers

BDU:2023-02047
CVE-2022-36429

Affected Products

Netgear Orbi Satellite Rbs750