Netgear lukker 51 sikkerhedshuller i routere og NAS-udstyr

Opdateringerne blev udsendt fra den 23. til den 29. september. De fjerner sårbarheder i flere modeller af routere, switche, DSL-gateways, modemer, trådløse access-punkter og ReadyNAS-enheder.

Flere af sårbarhederne er af typen cross-site scripting. Andre gør det muligt at indsætte kommandoer eller sætte et system ud af drift.

Anbefaling

Opdater de berørte produkter.

Links

• Netgear Patches Over 50 Flaws in Routers, Switches, NAS Devices, artikel fra SecurityWeek
• Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices, artikel fra Kaspersky Threatpost
• Security Advisory for Command InjectionVulnerability in ReadyNAS Surveillance Application, PSV-2017-2653
• Security Advisory for Security Misconfiguration Vulnerability on R7800 Routers, PSV-2016-0136
• Security Advisory for Command Injection Vulnerability on R7800 and R9000 Routers, PSV-2016-0128
• Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2213
• Security Advisory for Command Injection Vulnerability on Some Wireless Access Points, PSV-2017-2214
• Security Advisory for Command Injection Vulnerability on Some ReadyNAS Devices, PSV-2017-2002
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-2001
• Security Advisory for Security Misconfiguration Vulnerability on Some ReadyNAS Devices, PSV-2017-2000
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0301
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0300
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0299
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0298
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0296
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS devices, PSV-2017-0295
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS devices, PSV-2017-0291
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS devices, PSV-2017-0290
• Security Advisory for Vertical Privilege Escalation Vulnerability on Some Fully Managed Switches, PSV-2017-1951
• Security Advisory for Vertical Privilege Escalation Vulnerability on Some Fully Managed Switches, PSV-2017-1950
• Security Advisory for Security Misconfiguration Vulnerability on Some ReadyNAS devices, PSV-2017-0289
• Security Advisory for Stored Cross Site Scripting Vulnerability on Some ReadyNAS Devices, PSV-2017-0266
• Security Advisory for Store Cross Site Scripting Vulnerability on Some Fully Managed Switches, PSV-2017-1948
• Security Advisory for Vertical Privilege Escalation Vulnerability on Some Fully Managed Switches, PSV-2017-1944
• Security Advisory for Security Misconfiguration on Some Fully Managed Switches, PSV-2017-1943
• Security Advisory for Directory Traversal on Some Fully Managed Switches, PSV-2017-1942
• Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV -2017-1941
• Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1940
• Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV -2017-1939
• Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV -2017-1938
• Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1937
• Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1205
• Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1952
• Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1954
• Security Advisory for Reflected Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1955
• Security Advisory for Reflected Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1956
• Security Advisory for Reflected Cross Site Scripting on Some Fully Managed Switches, PSV-2017-1957
• Security Advisory for Denial of Service on Some Fully Managed Switches, PSV-2017-1959
• Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1973
• Security Advisory for Vertical Privilege Escalation on Some Fully Managed Switches, PSV-2017-1975
• Security Advisory for Stored Cross Site Scripting on Some Fully Managed Switches, PSV-2017-2004
• Security Advisory for Denial of Service Vulnerability on Some Fully Managed Switches, PSV-2017-2005
• Security Advisory for Command Injection on Some Routers and a Modem Router, PSV-2017-2158
• Security Advisory for a Cross Site Request Forgery on Some Routers, DSL Gateways, and a Modem Router PSV-2017-0327
• Security Advisory for an Admin Credential Disclosure on Some Routers and a DSL Gateway , PSV-2017-2155
• Security Advisory for an Admin Credential Disclosure on Some Routers and a Modem Router, PSV-2017-2149
• Security Advisory for Admin Credential Disclosure on Some Routers, PSV-2017-2137
• Security Advisory for Stack Overflow on Some Routers, PSV-2017-0793
• Security Advisory for Arbitrary File Read on Some Routers, PSV PSV-2017-0783
• Security Advisory for Cross Site Request Forgery on Some Routers, PSV-2017-0334
• Security Advisory for Command Injection on Some Routers and Modem Routers, PSV-2017-1209
• Security Advisory for Authentication Bypass on Some Routers or Modem Routers, PSV-2017-1208