In Steve’s inimitable words, WHAT COULD POSSIBLY GO WRONG?
Cisco’s Talos security team found 4 vulnerabilities in Netgear Orbi kit in August and reported them to Netgear.
Netgear have fixed 3 of the vulnerabilities, but are still working on the 4th. But, because the 90-day deadline has (long) passed, the Talos team hasn’t just published information on the vulnerabilities, they have also released proof of concept code to exploit unpatched (i.e. all) devices.
The unpatched vulnerability allows a user to gain access to a “hidden” Telnet service (in 2023!) on the br-lan interface and execute commands after sending a specially crafted packet.
The other, more critical vulnerabilities have been patched.