- Netgear found two flaws affecting WiFi access points and routers
- To mitigate them, it released new firmware for the devices
- The company urged users to apply the fix as soon as possible
Netgear has confirmed recently fixed a number of critical-severity vulnerabilities, plaguing multiple access points and routers.
Since the bugs can be exploited in attacks requiring no user interaction, and could result in remote code execution (RCE), Netgear urged its customers to apply the released fixes without delay.
A Netgear security advisory noted the two flaws are internally tracked as PSV-2023-0039 (a remote code execution flaw), and PSV-2021-0017 (an authentication bypass flaw). They affect these WiFi 6 access points and Nighthawk Pro Gaming Routers: XR1000, XR1000v2, XR500, WAX206, WAX220, and WAX214v2.
Reaching end-of-life status
“NETGEAR strongly recommends that you download the latest firmware as soon as possible,” the company said in the security advisory, before giving a step-by-step tutorial on how to download and install the latest firmware for Netgear routers.
“NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification,” it warned.
Internet routers and WiFi access points are among the most attacked devices because they serve as the gateway between a local network and the internet. They are also often considered a “low hanging fruit” in cyberattacks, since many have default credentials, outdated firmware, or weak security configurations. In many instances, users keep their devices past their end-of-life date, losing support and exposing themselves to known vulnerabilities.
Attackers can use compromised routers for botnets, man-in-the-middle attacks, DNS hijacking, or data interception. Since routers operate 24/7 and control network traffic, an attacker who gains control can redirect users to malicious sites, steal credentials, or deploy malware across networks.
Due to its popularity, Netgear is a popular target for hackers. In June 2024, a popular budget-friendly Netgear small business router was found vulnerable to half a dozen flaws that could lead to the theft of sensitive information, and possibly even full device takeover. The device reached its end-of-life, so Netgear did not bother releasing a patch.
Leave a comment