Using a NETGEAR ORBI system at home or in the office? Then it’s time to patch. Finally, security researchers have shared code that hackers can use to exploit several critical vulnerabilities.

If you own a NETGEAR Orbi mesh system, you shouldn’t wait any longer to install the latest updates. Finally, the code to successfully exploit previously discovered leaks is online. Security researchers at Cisco Talos self-released this code after notifying Netgear of bugs in Orbi software last year. The bugs affect the Netgear Orbi Router RBR750, which is part of the manufacturer’s Orbi Mesh offering.

Four leaks

The bugs themselves are serious: the first (CVE-2022-37337) has a score of 9.1, making it critical. The flaw allows an attacker to run their own code on the routers. To do this, a hacker must first connect to the device’s WiFi network. From then on it is possible to take over the device via special HTTP requests.

Two other errors are slightly less critical. CVE-2022-38458 and CVE-2022-36429 also allow attackers to run their own code, but the vulnerabilities are a bit more complex to exploit. The latter requires an attacker to send a series of packets to gain access to the Netgear Orbi Satellite Routers backend. The first flaw enables a man-in-the-middle attack.

Finally, there is the CVE-2022-38452 vulnerability. This is a bug in the telnet functionality of the Netgear Orbi system. This error is related to a hidden debug page where you can turn telnet on and off. Netgear removed the page, but it’s still possible to exploit the flaw via a special packet targeting UDP port 23.

patch available

NETGEAR released a patch for the three previous bugs in the Orbi satellite routers in January. After a long wait, Cisco Talos has now released the code that indicates how the four flaws can be exploited. This implies that attackers also have the building blocks to crack the systems. Anyone who has not yet done so would do well to update their Netgear Orbi Satellite Mesh immediately.