Headline
CVE-2022-38458: TALOS-2022-1598 || Cisco Talos Intelligence Group
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
SUMMARY
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
CONFIRMED VULNERABLE VERSIONS
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Netgear Orbi Router RBR750 4.6.8.5
PRODUCT URLS
Orbi Router RBR750 - https://www.netgear.com/support/product/RBR750
CVSSv3 SCORE
6.5 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE
CWE-311 - Missing Encryption of Sensitive Data
DETAILS
The Orbi Mesh Wi-Fi System creates dedicated high-speed Wi-Fi connections to your Internet service. The Orbi router (model RBR750) connects to your modem or gateway. The Orbi satellite (model RBS750) extends the Wi-Fi signal throughout your home.
An option exists in the Web Services Management tool to “Always use HTTPS to access the router”. However, if a user browses to http://<router_ip>/ they are prompted for credentials before redirecting to HTTPS. In addition, the credentials must be valid in order for the redirect to proceed. Once redirected to HTTPS, the user is then prompted again for authentication, but this time over HTTPS.
TIMELINE
2022-08-30 - Initial Vendor Contact
2022-09-05 - Vendor Disclosure
2023-01-19 - Vendor Patch Release
2023-03-21 - Public Release
Discovered by Christopher McBee and Dave McDaniel of Cisco Talos.
Related news
Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.
Cisco Talos recently discovered four vulnerabilities in the Netgear Orbi mesh wireless system, including the main hub router and satellite routers that extend the network’s range.