Article Details
Scrape Timestamp (UTC): 2024-07-12 15:40:01.182
Original Article Text
Click to Toggle View
Netgear warns users to patch auth bypass, XSS router flaws. Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn't disclose any details regarding this bug, successful attacks exploiting such weaknesses can let threat actors hijack user sessions, redirect users to malicious sites or display fake login forms, and steal restricted information. They can also perform actions with the compromised user's permissions, an especially dangerous scenario if the user has administrative privileges on the targeted device. The authentication bypass security bug (fixed in firmware version 2.2.2.2 and tracked as PSV-2023-0138) impacts CAX30 Nighthawk AX6 6-Stream cable modem routers. Even though Netgear hasn't shared any information regarding this vulnerability either, such flaws are usually tagged as maximum severity since they can provide attackers with unauthorized access to the administrative interface and can result in a complete takeover of the targeted devices. A Netgear spokesperson was not immediately available to share more details regarding the two security flaws when BleepingComputer reached out earlier today. How to update your router's firmware In security advisories published on Wednesday, Netgear said it "strongly recommends that you download the latest firmware as soon as possible." To download and install the latest firmware for your Netgear router, you have to go through the following steps: "NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification," the company added. Last month, security researchers disclosed half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a popular router among home users and small businesses. Since this router model reached end-of-life and is no longer supported by Netgear, the company will not release security patches and advised users to replace the router or apply mitigation measures to block potential attacks.
Daily Brief Summary
Netgear advises users to update their routers' firmware to patch critical vulnerabilities affecting multiple WiFi 6 router models.
The stored XSS flaw (PSV-2023-0122), fixed in firmware version 1.0.0.72, affects the XR1000 Nighthawk gaming router and could allow attackers to hijack user sessions and steal data.
An authentication bypass issue (PSV-2023-0138), resolved in firmware version 2.2.2.2, impacts the CAX30 Nighthawk AX6 6-Stream cable modem routers, potentially permitting unauthorized administrative access.
Both vulnerabilities pose significant security risks, especially the authentication bypass which could lead to a complete takeover of the device.
A spokesperson from Netgear was unavailable for comment when additional details of the flaws were sought by the press.
Users affected by the flaws are strongly urged by Netgear to download and install the latest firmware updates as a preventive measure against potential attacks.
Netgear also cautioned users of the WNR614 N300 router about multiple vulnerabilities, recommending replacement due to the lack of support for this end-of-life model.