Reference: Advisory #2023-34
Version: 1.0
Affected software:
Netgear Orbi routers
RBR750/840/850 prior to 4.6.14.3
RBR860 prior to 7.2.4.5
RBRE950/960 prior to 6.3.7.10
RBS750/840/850 prior to 4.6.14.3
RBS860 prior to 7.2.4.5
RBSE950/960 prior to 6.3.7.10
Type: Command execution, Man in the Middle Attack
CVE/CVSS:
CVE-2022-37337 (9.1)
CVE-2022-36429 (7.2)
CVE-2022-38452 (7.2)
CVE-2022-38458 (6.5)
https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187
https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188
https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186
https://kb.netgear.com/000065428/Security-Advisory-for-Cleartext-Transmission-on-Some-Orbi-WiFi-Systems-PSV-2022-0189
Cisco Talos researchers published proof-of-concept (PoC) exploits for multiple vulnerabilities in Netgear’s Orbi 750 series router and extender satellites.
Netgear Orbi are mesh Wi-Fi systems designed to provide reliable Wi-Fi coverage for home or business users. The system consists of a main router and multiple satellite units that work together to create a seamless Wi-Fi network that can cover a wide area.
Three of the vulnerabilities could lead to arbitrary command execution; the fourth can lead to a man-in-the-middle attack.
Netgear released a firmware patch on January 19, 2023, and is not aware of attacks in the wild exploiting these flaws.
Cisco also released Snort rules (60474 – 60477 and 60499) to detect exploitation attempts against these vulnerabilities.
CVE-2022-37337 is a critical command execution vulnerability that is exploited by sending a specially crafted HTTP request. It requires an established foothold on the victim’s network as a prerequisite.
CVE-2022-36429 and CVE-2022-38452 are both arbitrary command execution vulnerabilities. CVE-2022-36429 requires an adversary to craft a special JSON object, whilst CVE-2022-38452 requires a specially crafted network request to be exploited.
CVE-2022-38458 can facilitate a man-in-the-middle attack and, unlike the previously mentioned vulnerabilities, does not require any privileges.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity.
If you have already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident
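To support the patching recommendation, the following added example (not part of the CCB advisory or Netgear's tooling) checks a device inventory against the fixed firmware versions listed under "Affected software". The inventory layout, the device names and the "V4.6.8.5_2.3.2" style of version string are assumptions made for the example.

```python
import re

# Fixed firmware per model group, from the advisory's "Affected software" list.
FIXED = {}
for models, fixed in (
    ("RBR750 RBR840 RBR850 RBS750 RBS840 RBS850", "4.6.14.3"),
    ("RBR860 RBS860", "7.2.4.5"),
    ("RBRE950 RBRE960 RBSE950 RBSE960", "6.3.7.10"),
):
    for name in models.split():
        FIXED[name] = tuple(int(p) for p in fixed.split("."))

# Assumed format: "V4.6.8.5_2.3.2" or "4.6.14.3"; any "_suffix" is ignored.
VERSION_RE = re.compile(r"[Vv]?(\d+(?:\.\d+){1,3})(?:_|$)")

def parse_version(text):
    m = VERSION_RE.match(text.strip())
    if m is None:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))

def assess(model, version):
    # Returns 'vulnerable', 'patched', 'not-listed' or 'unparseable'.
    fixed = FIXED.get(model.upper())
    if fixed is None:
        return "not-listed"
    current = parse_version(version)
    if current is None:
        return "unparseable"
    # Numeric per-component compare: 6.3.7.9 < 6.3.7.10 (string compare fails).
    return "vulnerable" if current < fixed else "patched"

def audit(inventory):
    rows = [line.split() for line in inventory.splitlines() if line.strip()]
    return [(name, model, assess(model, ver)) for name, model, ver in rows]

# Constructed sample inventory (not real devices): name, model, firmware.
SAMPLE = """\
orbi-office  RBR750   V4.6.8.5_2.3.2
orbi-lobby   RBS750   V4.6.14.3_2.3.12
orbi-lab     RBRE960  V6.3.7.9
edge-sw      GS108    V1.0.0.2
orbi-old     RBS850   unknown
"""

if __name__ == "__main__":
    for name, model, status in audit(SAMPLE):
        print(f"{name:12} {model:8} {status}")
```

Devices reported as "unparseable" should be checked by hand rather than assumed patched.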
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
https://nvd.nist.gov/vuln/detail/CVE-2022-36429
https://nvd.nist.gov/vuln/detail/CVE-2022-38452
https://nvd.nist.gov/vuln/detail/CVE-2022-37337
https://www.tenable.com/cve/CVE-2022-38458