Associated CVE IDs: None
NETGEAR has released fixes for a command injection security vulnerability in the following applications:
- ReadyNAS Surveillance versions prior to 1.4.3-17 (x86)
- ReadyNAS Surveillance versions prior to 1.1.4-7 (ARM)
NETGEAR strongly recommends that you update to the latest version of the ReadyNAS Surveillance application as soon as possible. For more information, visit apps.readynas.com.
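The following added example (not NETGEAR code) checks an inventory of installed ReadyNAS Surveillance versions against the fixed releases listed above. It assumes version strings are dotted numbers with a numeric build suffix that compare field by field, and that inventory rows use a constructed `host,arch,version` layout; all function names and hosts are hypothetical.

```python
import re

# Fixed releases stated in this advisory, keyed by architecture.
FIXED = {"x86": "1.4.3-17", "arm": "1.1.4-7"}

def parse_version(text):
    """Turn '1.4.3-17' into (1, 4, 3, 17) so each field compares numerically.
    Assumption: fields are plain integers separated by '.' and one '-'."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*-\d+", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in re.split(r"[.-]", text))

def needs_update(arch, installed):
    """True when the installed version is prior to the fixed release."""
    arch = arch.strip().lower()
    if arch not in FIXED:
        raise ValueError(f"unknown architecture: {arch!r}")
    return parse_version(installed) < parse_version(FIXED[arch])

def audit(rows):
    """Return (host, status) per row; anything unparseable is flagged REVIEW
    rather than silently treated as patched."""
    results = []
    for row in rows:
        parts = [field.strip() for field in row.split(",")]
        if len(parts) != 3:
            results.append((row, "REVIEW"))
            continue
        host, arch, version = parts
        try:
            status = "UPDATE" if needs_update(arch, version) else "ok"
        except ValueError:
            status = "REVIEW"
        results.append((host, status))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    "nas-01,x86,1.4.3-9",    # a plain string compare would wrongly rank -9 above -17
    "nas-02,x86,1.4.3-17",
    "nas-03,ARM,1.1.4-6",
    "nas-04,arm,1.1.4-7",
    "nas-05,x86,unknown",
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```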
Disclaimer
The command injection vulnerability remains if you do not complete all recommended steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
Acknowledgements
Kacper Szurek via SecuriTeam
Common Vulnerability Scoring System
CVSS v3 Rating: High
CVSS v3 Score: 8.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Contact
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit http://www.netgear.com/about/security/.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
Revision History
2017-10-8: Updated Acknowledgements section
2017-09-28: Published advisory
Last Updated: 10/08/2017
Article ID: 000049072