ALERT - Vulnerability in Netgear routers (13.12.16)


Post by pierre » 14 Dec 2016, 11:49

ALERT - Vulnerability in Netgear routers (13 December 2016)

Initial version of the alert
13 December 2016

Source
Netgear security bulletin of 09 December 2016
http://kb.netgear.com/000036386/CVE-2016-582384

1 - Risk(s)
Remote arbitrary code execution

2 - Affected systems
Netgear R6250
Netgear R6400
Netgear R6700
Netgear R7000
Netgear R7100LG
Netgear R7300
Netgear R7900
Netgear R8000

3 - Summary
A vulnerability has been discovered in Netgear routers. It allows an attacker to cause remote arbitrary code execution.

4 - Temporary workaround
On 9 December 2016, Netgear issued a security advisory stating that several of its routers were vulnerable to remote command injection.
An unauthenticated attacker can exploit this vulnerability remotely if the user visits a booby-trapped web site.
This then allows the attacker to run arbitrary commands with the highest privileges (root).
Note that an attacker present on the local network can exploit this vulnerability directly.

The vulnerability is very easy to exploit.
Pending security fixes, which will be available for some models from 13 December 2016, a workaround exists.
The vulnerability can be exploited to disable the vulnerable service, making remote administration impossible until the router is rebooted (see the Documentation section).

It is strongly recommended to follow the updates offered by Netgear and to apply them immediately.
Until the updates are published, it is strongly recommended to remove the affected systems from the network or, where that is not possible, to apply the workaround (see the Documentation section).

5 - Documentation
Netgear security bulletin of 09 December 2016
http://kb.netgear.com/000036386/CVE-2016-582384

CERT Carnegie Mellon
https://www.kb.cert.org/vuls/id/582384

CVE reference CVE-2016-582384
http://cve.mitre.org/cgi-bin/cvename.cg ... 016-582384
__________________
Pierre (aka Terdef)
Call for donations - The site needs your help

How do I get scammed/infected? - Protect your browser, browsing and privacy - Block advertising and tracking on the Web
Speed up Windows - Speed up the Internet - Decontamination - Install Malwarebytes - Help forums

No troubleshooting request sent by PM (private message) will be answered. Requests must be public and the answers must benefit the public.
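The alert above describes the bug class without showing code: an unauthenticated web page hands a form field straight to the command-line interface, so shell metacharacters in the field become extra commands running as root. The following is an added illustration written for this page, not Netgear's firmware code, and it does not reproduce the routers' actual vulnerable endpoint. It assumes a hypothetical "ping this host" diagnostic form; `echo` stands in for the real network tool so the script is harmless to run, and the `host` parameter name and the hostname allowlist are choices made for the demo.

```python
"""Added illustration of the bug class in this advisory: form input handed to a
shell without validation, beside a hardened version. Not Netgear's code; the
'ping' diagnostic, the `host` parameter and the allowlist are assumptions, and
`echo` stands in for the real tool so the example is safe to execute."""
import re
import subprocess

# Hostname allowlist: letters, digits, dots and hyphens, 1..253 chars, and no
# leading '-' so the value can never be parsed as a command-line option.
_HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")


def build_cmdline_unsafe(host):
    """VULNERABLE: the raw form field is spliced into a shell command line."""
    return "echo pinging " + host


def run_unsafe(host):
    """Executes the spliced string through /bin/sh, so ';', '|', '&', '$(...)'
    and backticks inside `host` are interpreted by the shell, not by the tool.
    Returns whatever the shell printed."""
    out = subprocess.run(build_cmdline_unsafe(host), shell=True,
                         capture_output=True, text=True)
    return out.stdout


def validate_host(host):
    """Reject anything outside the allowlist before it reaches a process."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError("rejected host parameter: %r" % host)
    return host


def run_safe(host):
    """HARDENED: validated value, argv list, no shell involved. Even if the
    allowlist were loosened, no shell means no separator can split the command."""
    argv = ["echo", "pinging", validate_host(host)]
    out = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return out.stdout


def is_rejected(host):
    """True when the hardened path refuses the input."""
    try:
        validate_host(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed payload: the separator smuggles a second command.
    payload = "localhost; echo INJECTED"
    print(run_unsafe(payload), end="")    # second line is attacker-controlled
    print(is_rejected(payload))           # True: hardened path refuses it
    print(run_safe("localhost"), end="")  # pinging localhost
```

The decisive change is dropping the shell (argv list, `shell=False`); the allowlist is defence in depth, and it also blocks option injection such as a leading `-`. Neither replaces the missing authentication on the endpoint, which is a separate control the advisory's "unauthenticated" wording points at.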

Re: ALERT - Vulnerability in Netgear routers (13.12.16)

Post by pierre » 14 Dec 2016, 11:50

Update of 14.12.2016


NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

NETGEAR has tested the following products and confirmed that they are vulnerable:

All products followed by an asterisk (*) have beta firmware fixes available—see below.

  • R6250*
  • R6400*
  • R6700*
  • R6900
  • R7000*
  • R7100LG*
  • R7300DST*
  • R7900*
  • R8000*
  • D6220
  • D6400
  • D7000

NETGEAR is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible.

While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13th.

To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:


NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.

NETGEAR will continue to update this knowledge base article when we have more information.




We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

If you have any security concerns, you can reach us at security@netgear.com.


Last Updated:12/14/2016 | Article ID: 000036386

Re: ALERT - Vulnerability in Netgear routers (13.12.16)

Post by pierre » 22 Dec 2016, 16:41

Update of 19.12.2016


NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

NETGEAR has tested the following products and confirmed that they are vulnerable:

All products followed by a single asterisk (*) have beta firmware fixes available. All products followed by three asterisks (***) have production firmware fixes available.

  • R6250***
  • R6400***
  • R6700*
  • R6900*
  • R7000***
  • R7100LG*
  • R7300DST*
  • R7900*
  • R8000***
  • D6220*
  • D6400*

The D7000 was previously included in a list of models that were affected by this security vulnerability. However, NETGEAR has tested and confirmed that the D7000 is not affected by this command injection vulnerability.

NETGEAR is working on production firmware versions that fix this command injection vulnerability for all affected products. Production firmware fixes are already available for some models, and NETGEAR will release production firmware fixes for the remaining models as quickly as possible.

Production firmware is available for the following models. Even if you have already downloaded the beta firmware fix for your model, NETGEAR strongly recommends that all users download the production firmware as soon as it is available. If you do not upgrade your firmware to the production version, the potential for this command injection vulnerability remains.

To download the production firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:


While we are working on production firmware for the remaining models, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

Beta firmware is currently available for the models listed below. To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:


NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.

NETGEAR will continue to update this knowledge base article when we have more information.




We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

If you have any security concerns, you can reach us at security@netgear.com.
Last Updated:12/19/2016 | Article ID: 000036386

Re: ALERT - Vulnerability in Netgear routers (13.12.16)

Post by pierre » 24 Dec 2016, 15:10

Update of 23/12/2016

NetGear wrote: To our knowledge, firmware updates have been published for all affected products.
Update your firmware - follow the link for your model, then follow the instructions.



NETGEAR is aware of the security issue CVE-2016-6277 (formerly designated VU #582384) that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

NETGEAR has completed testing on the latest firmware versions of its entire currently shipping WiFi router portfolio for this vulnerability. To NETGEAR’s knowledge, the models below are the only affected models.

NETGEAR has tested the following products and confirmed that they are vulnerable:

All products now have production firmware fixes available.

  • R6250
  • R6400
  • R6700
  • R6900
  • R7000
  • R7100LG
  • R7300DST
  • R7900
  • R8000
  • D6220
  • D6400

The D7000 was previously included in a list of models that were affected by this security vulnerability. However, NETGEAR has tested and confirmed that the D7000 is not affected by this command injection vulnerability.

Production firmware is available for all affected models. Even if you have already downloaded the beta firmware fix for your model, NETGEAR strongly recommends that all users download the production firmware as soon as possible. If you do not upgrade your firmware to the production version, the potential for this command injection vulnerability remains.

To download the production firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:


NETGEAR has finished reviewing our current portfolio for other routers that might be affected by this vulnerability. To our knowledge, production firmware has been released for all affected products. If any other routers are later found to be affected by the same security vulnerability, we will release firmware to fix those as well.

NETGEAR is not responsible for any consequences that could have been avoided by upgrading to production firmware as recommended in this notification.




We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

If you have any security concerns, you can reach us at security@netgear.com.


Last Updated:12/23/2016 | Article ID: 000036386

Re: ALERT - Vulnerability in Netgear routers (13.12.16)

Post by pierre » 27 Dec 2016, 17:21

Alert closed