CVE-2022-36429 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2022-36429?

CVE-2022-36429 has a CVSS score of 7.2 (HIGH). This vulnerability allows remote attackers to execute arbitrary commands on Netgear Orbi Satellite RBS750 devices by sending specially crafted JSON objects to the ubus backend communications functionality. Attackers can achieve remote code execution without authentication, potentially taking full control of affected devices. This affects Netgear Orbi WiFi systems running vulnerable firmware versions.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on Netgear Orbi Satellite RBS750 devices by sending specially crafted JSON objects to the ubus backend communications functionality. Attackers can achieve remote code execution without authentication, potentially taking full control of affected devices. This affects Netgear Orbi WiFi systems running vulnerable firmware versions.

💻 Affected Systems

Products:

Netgear Orbi Satellite RBS750

Versions: Firmware version 4.6.8.5 and earlier

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The ubus backend communications functionality is enabled by default and accessible over the network.

📦 What is this software?

Rbs750 Firmware by Netgear

View all CVEs affecting Rbs750 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Orbi satellite device, allowing attackers to install persistent malware, pivot to other network devices, intercept network traffic, or use the device as part of a botnet.

🟠

Likely Case

Remote code execution leading to device compromise, network reconnaissance, and potential lateral movement within the local network.

🟢

If Mitigated

Limited impact if devices are not internet-facing and network segmentation prevents lateral movement from compromised devices.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending malicious JSON packets to the ubus service, which is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version 4.6.8.6 and later

Vendor Advisory: https://kb.netgear.com/000065424/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0188

Restart Required: Yes

Instructions:

1. Log into Orbi web interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install firmware version 4.6.8.6 or later. 4. Reboot device after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Orbi devices from untrusted networks and restrict access to ubus service ports.

Firewall Rules

all

Block inbound access to Orbi management interfaces from untrusted networks.

🧯 If You Can't Patch

Disable remote management features if not required
Implement strict network segmentation to isolate Orbi devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version via Orbi web interface: Advanced > Administration > Firmware Update. If version is 4.6.8.5 or earlier, device is vulnerable.

Check Version:

Not applicable - use web interface for version check

Verify Fix Applied:

Verify firmware version is 4.6.8.6 or later in the same interface.

📡 Detection & Monitoring

Log Indicators:

Unusual ubus service activity
Unexpected command execution logs
Failed authentication attempts to ubus

Network Indicators:

Malformed JSON packets sent to ubus service ports
Unusual outbound connections from Orbi devices

SIEM Query:

source="orbi" AND (ubus OR json) AND command_execution

📊 Metadata

CVE ID: CVE-2022-36429

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-912

Published: March 21, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-36429, you might also want to check these: