Article Details
Scrape Timestamp (UTC): 2024-07-12 15:55:33.981
Original Article Text
Click to Toggle View
Netgear warns users to patch auth bypass, XSS router flaws. Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn't disclose any details regarding this bug, successful attacks exploiting such weaknesses can let threat actors hijack user sessions, redirect users to malicious sites or display fake login forms, and steal restricted information. They can also perform actions with the compromised user's permissions, an especially dangerous scenario if the user has administrative privileges on the targeted device. The authentication bypass security bug (fixed in firmware version 2.2.2.2 and tracked as PSV-2023-0138) impacts CAX30 Nighthawk AX6 6-Stream cable modem routers. Even though Netgear hasn't shared any information regarding this vulnerability either, such flaws are usually tagged as maximum severity since they can provide attackers with unauthorized access to the administrative interface and can result in a complete takeover of the targeted devices. A Netgear spokesperson was not immediately available to share more details regarding the two security flaws when BleepingComputer reached out earlier today. How to update your router's firmware In security advisories published on Wednesday, Netgear said it "strongly recommends that you download the latest firmware as soon as possible." To download and install the latest firmware for your Netgear router, you have to go through the following steps: "NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification," the company added. Last month, security researchers disclosed half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a popular router among home users and small businesses. Since this router model reached end-of-life and is no longer supported by Netgear, the company will not release security patches and advised users to replace the router or apply mitigation measures to block potential attacks.
Daily Brief Summary
Netgear has issued a firmware update for multiple WiFi 6 routers to rectify critical vulnerabilities including a stored XSS and an authentication bypass.
The XSS flaw, identified in the XR1000 Nighthawk model, could potentially allow attackers to hijack user sessions or direct users to malicious sites by exploiting the router’s interface.
The authentication bypass issue in the CAX30 Nighthawk AX6 model poses severe threats, enabling unauthorized administrative access and possibly full device control.
Firmware updates correcting these issues are now available and strongly recommended by Netgear for immediate installation.
The advisory highlights serious potential compromises, including session hijacking, privileged actions without consent, and full system takeover.
Users are urged to promptly download the updated firmware versions—1.0.0.72 for XSS vulnerability and 2.2.2.2 for the authentication bypass—to mitigate risks.
Netgear has been in news recently, with another set of vulnerabilities disclosed in the now unsupportable WNR614 N300 model, emphasizing ongoing security challenges.
The company's statement emphasized their non-liability for consequences of not adhering to recommended security measures.