Netgear R6700v3 Vulnerable Third-Party Component Remote Code Execution Vulnerability

May 19, 2022 Jason Davies 1368 Views 0 Comments Cyber Security, Netgear, Remote Code Execution Vulnerability 0 min read

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Netatalk library that is installed on NETGEAR R6700v3 routers. The issue results from the use of an outdated version of Netatalk containing known vulnerabilities. An attacker can leverage this vulnerability to execute code in the context of root.

NETGEAR has issued an update to correct this vulnerability.

NETGEAR has released fixes for these vulnerabilities on the following product models:

Fixed Wireless

R7100LG fixed in firmware version 1.0.0.76

Routers

R6400 fixed in firmware version 1.0.1.78
R6400v2 fixed in firmware version 1.0.4.126
R6700v3 fixed in firmware version 1.0.4.126

Wireless

DC112A fixed in firmware version 1.0.0.64

More details can be found at:
https://kb.netgear.com/000064719/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0321

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Netgear R6700v3 Vulnerable Third-Party Component Remote Code Execution Vulnerability

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply