Fortinet Discovers Netgear Orbi Denial of Service in SOAP handler
Fortinet's FortiGuard Labs has discovered a post-authentication command injection in Netgear routers.
Netgear is a global computer networking company based in San Jose, California, in the United States. It produces networking hardware for consumers, businesses, and service providers.
The routers are vulnerable to denial of service (DoS) when handling Simple Object Access Protocol (SOAP) requests. The SOAP handler does not properly validate the HTTP cookie that is used for user authentication when a SOAP request is sent.
Users should apply the latest update from the vendor.
Fortinet reported the vulnerability to Netgear on 08 May 2018.
Netgear confirmed the vulnerability on 10 May 2018.
Netgear released a patch for the vulnerability on 04 September 2019.
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.