Netgear recently issued 50 patches for its routers, switches, NAS devices, and wireless access points to resolve vulnerabilities ranging from remote code execution bugs to authentication bypass flaws.
Twenty of the patches address vulnerabilities rated “high,” with the remaining 30 scored as “medium” security risks. Netgear posted advisories for the bugs to its website over the last two weeks.
Network security firm Beyond Security is credited by Netgear for discovering several of the vulnerabilities patched last week. One of the issues was a command injection vulnerability in the ReadyNAS Surveillance Application in versions prior to 1.4.3-17 (x86) and 1.1.4-7 (ARM). A command injection attack executes arbitrary commands on the host operating system through a vulnerable application that passes unsafe user-supplied data (forms, cookies, HTTP headers) to a system shell.
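The mechanism in that last sentence, shown as an added example that is not code from Netgear, Beyond Security or the ReadyNAS Surveillance application: a hypothetical handler builds a command from a request value, first through a shell and then in hardened form. The function names, the camera-name field and the sample inputs are assumptions constructed for illustration.

```python
import re
import subprocess

# Constructed sample values standing in for a form field, cookie or HTTP header.
BENIGN = "cam1"
HOSTILE = "cam1; echo INJECTED"  # ';' ends the intended command inside a shell

# Allowlist for the hypothetical camera-name field: short, no shell metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")


def run_lines(cmd, shell):
    """Run a command and return its stdout as a list of lines."""
    done = subprocess.run(cmd, shell=shell, capture_output=True,
                          text=True, check=True)
    return done.stdout.splitlines()


def lookup_vulnerable(name):
    """Weak pattern: untrusted input is interpolated into a string for /bin/sh."""
    return run_lines(f"echo camera={name}", shell=True)


def lookup_no_shell(name):
    """argv list, no shell: the whole value stays a single argument (data only)."""
    return run_lines(["echo", f"camera={name}"], shell=False)


def lookup_hardened(name):
    """Allowlist validation first, then argv execution without a shell."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected: unexpected characters in camera name")
    return lookup_no_shell(name)


if __name__ == "__main__":
    # The shell treats the text after ';' as a second command: two output lines.
    print("vulnerable:", lookup_vulnerable(HOSTILE))
    # Without a shell the same bytes are printed back as inert text: one line.
    print("no shell:  ", lookup_no_shell(HOSTILE))
    try:
        lookup_hardened(HOSTILE)
    except ValueError as err:
        print("hardened:  ", err)
    print("hardened:  ", lookup_hardened(BENIGN))
```

Removing the shell stops the value from being parsed as commands, while the allowlist also keeps unexpected input away from whatever program eventually receives the argument.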