Haythem Elmir

Netgear recently issued 50 patches for its routers, switches, NAS devices, and wireless access points to resolve vulnerabilities ranging from remote code execution bugs to authentication bypass flaws.

Twenty of the patches address “high” vulnerability issues with the remaining 30 scored as “medium” security risks. Netgear posted advisories for the bugs to its website over the last two weeks.

Network security firm Beyond Security is credited by Netgear for discovering several of the vulnerabilities patched last week. One of the issues was a command injection vulnerability in the ReadyNAS Surveillance Application running on versions prior to 1.4.3-17 (x86) and 1.1.4-7 (ARM). A command injection attack can execute arbitrary commands on host operating systems via vulnerable applications that facilitate the passing of unsafe user supplied data (forms, cookies, HTTP headers) to a system shell.

“These are all vulnerabilities caused by what appears to be inadequate verification of user input, oversight on what should and should not require authentication, and improper mechanism of enforcing security on users accessing their product web interface,” Noam Rathaus, founder and CTO of Beyond Security said. “I believe much of Netgear products share the same codebase and same underlying code structure which is what causing many of their products to be vulnerable.”[…]

To read the  original article:

Laisser un commentaire

Next Post

Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed. Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data breach the company disclosed last month, bringing the total possible victims to 145.5 million […]