Article Details

Netgear warns users to patch critical WiFi router vulnerabilities. Netgear has fixed two critical vulnerabilities affecting multiple WiFi router models and urged customers to update their devices to the latest firmware as soon as possible. The security flaws impact multiple WiFi 6 access points (WAX206, WAX214v2, and WAX220) and Nighthawk Pro Gaming router models (XR1000, XR1000v2, XR500). Although the American computer networking company did not disclose more details about the two bugs, it did reveal that unauthenticated threat actors can exploit them for remote code execution (tracked internally as PSV-2023-0039) and authentication bypass (PSV-2021-0117) in low-complexity attacks that don't require user interaction. "NETGEAR strongly recommends that you download the latest firmware as soon as possible," the company said in security advisories published over the weekend. The table below lists all vulnerable router models and the firmware versions with security patches. To download and install the latest firmware for your Netgear router, you have to go through the following steps: "The unauthenticated RCE vulnerability remains if you do not complete all recommended steps," the company warned on Saturday. "NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification." A Netgear spokesperson was not available for comment when contacted by BleepingComputer for more information on the two security flaws. In July, Netgear also urged customers to update to the latest firmware immediately to patch stored cross-site scripting (XSS) and authentication bypass vulnerabilities impacting several WiFi 6 router models. One month earlier, security researchers disclosed six flaws of varying severity levels in Netgear WNR614 N300, an end-of-life router popular among home users and small businesses.