Netgear has mounted two essential vulnerabilities affecting a number of WiFi router fashions and urged prospects to replace their gadgets to the most recent firmware as quickly as potential.
The security flaws impression a number of WiFi 6 entry factors (WAX206, WAX214v2, and WAX220) and Nighthawk Professional Gaming router fashions (XR1000, XR1000v2, XR500).
Though the American laptop networking firm didn’t disclose extra particulars concerning the two bugs, it did reveal that unauthenticated risk actors can exploit them for distant code execution (tracked internally as PSV-2023-0039) and authentication bypass (PSV-2021-0117) in low-complexity assaults that do not require consumer interplay.
“NETGEAR strongly recommends that you just obtain the most recent firmware as quickly as potential,” the corporate stated in security advisories printed over the weekend.
The desk under lists all weak router fashions and the firmware variations with security patches.
| Weak Netgear router | Patched firmware model |
| XR1000 | Firmware model 1.0.0.74 |
| XR1000v2 | Firmware model 1.1.0.22 |
| XR500 | Firmware model 2.3.2.134 |
| WAX206 | Firmware model 1.0.5.3 |
| WAX220 | Firmware model 1.0.5.3 |
| WAX214v2 | Firmware model 1.0.2.5 |
To obtain and set up the most recent firmware on your Netgear router, you need to undergo the next steps:
- Go to NETGEAR Help.
- Begin typing your mannequin quantity within the search field, then choose your mannequin from the drop-down menu as quickly because it seems.
- If you don’t see a drop-down menu, make sure you entered your mannequin quantity appropriately or choose a product class to browse on your product mannequin.
- Click on Downloads.
- Beneath Present Variations, choose the primary obtain whose title begins with Firmware Model.
- Click on Launch Notes.
- Comply with the directions within the launch notes to obtain and set up the brand new firmware.
“The unauthenticated RCE vulnerability stays if you don’t full all beneficial steps,” the corporate warned on Saturday.
“NETGEAR shouldn’t be chargeable for any penalties that would have been prevented by following the suggestions on this notification.”
A Netgear spokesperson was not accessible for remark when contacted by BleepingComputer for extra info on the 2 security flaws.
In July, Netgear additionally urged prospects to replace to the most recent firmware instantly to patch saved cross-site scripting (XSS) and authentication bypass vulnerabilities impacting a number of WiFi 6 router fashions.
One month earlier, security researchers disclosed six flaws of various severity ranges in Netgear WNR614 N300, an end-of-life router widespread amongst dwelling customers and small companies.
