NETGEAR has recently addressed two critical security vulnerabilities affecting its products, which, if exploited, could allow unauthenticated attackers to execute arbitrary code or remotely exploit devices. These vulnerabilities impact multiple models, including the XR series routers and WAX series access points. Given the high severity of these vulnerabilities, with Common Vulnerability Scoring System (CVSS) scores of 9.8 and 9.6, users are strongly advised to update their devices immediately to the latest firmware versions to prevent potential cyber threats.
The vulnerabilities impact several NETGEAR devices and could allow remote attackers to take control of the affected routers and access points without requiring authentication. Such security flaws are particularly concerning as they can be leveraged for malicious activities, including data theft, network disruption, and unauthorized surveillance.
NETGEAR has released fixes for the unauthenticated remote code execution (RCE) security vulnerability affecting the following models:
NETGEAR strongly recommends that all users of these models download and install the latest firmware as soon as possible.
To ensure your NETGEAR device is secure, follow these steps to update your firmware:
Keeping your firmware updated is essential to maintaining the security and functionality of your device.
Given these risks, failing to apply the recommended firmware updates could leave users vulnerable to cyber threats, including botnet infections, malware deployment, and unauthorized access to sensitive information.
NETGEAR has released a security advisory under the identifier PSV-2023-0039, urging all affected users to take immediate action. Although no official CVE (Common Vulnerabilities and Exposures) IDs have been assigned, the company acknowledges the seriousness of these security issues.
The vulnerabilities were identified and reported through BugCrowd, a well-known security research platform specializing in vulnerability discovery and responsible disclosure. NETGEAR has rated the vulnerabilities as critical, with the CVSS score breakdown as follows:
To enhance security and prevent similar threats in the future, users should follow these best practices:
NETGEAR’s prompt response and security advisory highlight the need for users to remain vigilant and prioritize regular firmware updates to protect against emerging threats. By taking the recommended steps, users can safeguard their devices from unauthorized access and maintain the integrity of their network security.
https://jocert.ncsc.jo/EN/ListDetails/Security_Alerts__Advisorites/1203/93
Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.