- Netgear found two flaws affecting WiFi access points and routers
- To mitigate them, it released new firmware for the devices
- The company encouraged users to apply the fix as soon as possible
Netgear has recently confirmed a number of critical-severity vulnerabilities that plague multiple access points and routers.
Since the flaws can be exploited in attacks that do not require any user interaction and could result in remote code execution (RCE), Netgear urged its customers to apply the released fixes without delay.
A Netgear security advisory noted that the two flaws are internally tracked as PSV-2023-0039 (a remote code execution flaw) and PSV-2021-0017 (an authentication bypass flaw). They affect these WiFi 6 access points and Nighthawk Pro Gaming routers: XR1000, XR1000V2, XR500, WAX206, WAX220 and WAX214V2.
End-of-life status
“Netgear strongly recommends that you download the latest firmware as soon as possible,” the company said in the security advisory before giving a step-by-step tutorial on how to download and install the latest firmware for Netgear routers.
“Netgear is not responsible for any consequences that could have been avoided by following the recommendations in this review,” it warned.
Internet routers and WiFi access points are among the most targeted devices because they act as the gateway between a local network and the Internet. They are also often considered “low-hanging fruit” in cyberattacks, as many have default credentials, outdated firmware or weak security configurations. In many cases, users keep their devices past their end-of-life date, losing support and exposing themselves to known vulnerabilities.
Attackers can use compromised routers for botnets, man-in-the-middle attacks, DNS hijacking or data interception. As routers work 24/7 and control network traffic, an attacker who gets control can redirect users to malicious sites, steal credentials or deploy malware across networks.
Because of its popularity, Netgear is a frequent target for hackers. In June 2024, a popular budget-friendly Netgear small business router was found vulnerable to half a dozen flaws that could lead to theft of sensitive information and possibly even full device takeover. The device had reached its end of life, so Netgear is not releasing a patch.