Netgear has fastened two vital vulnerabilities affecting a number of WiFi router fashions and urged prospects to replace their units to the most recent firmware as quickly as potential.
The safety flaws influence a number of WiFi 6 entry factors (WAX206, WAX214v2, and WAX220) and Nighthawk Professional Gaming router fashions (XR1000, XR1000v2, XR500).
Though the American pc networking firm didn’t disclose extra particulars in regards to the two bugs, it did reveal that unauthenticated menace actors can exploit them for distant code execution (tracked internally as PSV-2023-0039) and authentication bypass (PSV-2021-0117) in low-complexity assaults that do not require person interplay.
“NETGEAR strongly recommends that you download the latest firmware as soon as possible,” the corporate stated in safety advisories printed over the weekend.
The desk beneath lists all susceptible router fashions and the firmware variations with safety patches.
| Weak Netgear router | Patched firmware model |
| XR1000 | Firmware model 1.0.0.74 |
| XR1000v2 | Firmware model 1.1.0.22 |
| XR500 | Firmware model 2.3.2.134 |
| WAX206 | Firmware model 1.0.5.3 |
| WAX220 | Firmware model 1.0.5.3 |
| WAX214v2 | Firmware model 1.0.2.5 |
To obtain and set up the most recent firmware in your Netgear router, it’s a must to undergo the next steps:
- Go to NETGEAR Assist.
- Begin typing your mannequin quantity within the search field, then choose your mannequin from the drop-down menu as quickly because it seems.
- If you don’t see a drop-down menu, make sure you entered your mannequin quantity accurately or choose a product class to browse in your product mannequin.
- Click on Downloads.
- Beneath Present Variations, choose the primary obtain whose title begins with Firmware Model.
- Click on Launch Notes.
- Comply with the directions within the launch notes to obtain and set up the brand new firmware.
“The unauthenticated RCE vulnerability remains if you do not complete all recommended steps,” the corporate warned on Saturday.
“NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.”
A Netgear spokesperson was not obtainable for remark when contacted by BleepingComputer for extra data on the 2 safety flaws.
In July, Netgear additionally urged prospects to replace to the most recent firmware instantly to patch saved cross-site scripting (XSS) and authentication bypass vulnerabilities impacting a number of WiFi 6 router fashions.
One month earlier, safety researchers disclosed six flaws of various severity ranges in Netgear WNR614 N300, an end-of-life router standard amongst house customers and small companies.
