Netgear warned prospects to replace their units to the most recent accessible firmware, which patches saved cross-site scripting (XSS) and authentication bypass vulnerabilities in a number of WiFi 6 router fashions.
The saved XSS safety flaw (mounted in firmware model 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router.
Whereas the corporate did not disclose any particulars relating to this bug, profitable assaults exploiting such weaknesses can let menace actors hijack consumer periods, redirect customers to malicious websites or show pretend login varieties, and steal restricted info.
They’ll additionally carry out actions with the compromised consumer’s permissions, an particularly harmful state of affairs if the consumer has administrative privileges on the focused system.
The authentication bypass safety bug (mounted in firmware model 2.2.2.2 and tracked as PSV-2023-0138) impacts CAX30 Nighthawk AX6 6-Stream cable modem routers.
Although Netgear hasn’t shared any info relating to this vulnerability both, such flaws are often tagged as most severity since they’ll present attackers with unauthorized entry to the executive interface and can lead to an entire takeover of the focused units.
A Netgear spokesperson was not instantly accessible to share extra particulars relating to the 2 safety flaws when BleepingComputer reached out earlier in the present day.
The right way to replace your router’s firmware
In safety advisories revealed on Wednesday, Netgear mentioned it “strongly recommends that you simply obtain the most recent firmware as quickly as doable.”
To obtain and set up the most recent firmware on your Netgear router, it’s important to undergo the next steps:
- Go to NETGEAR Support.
- Begin by getting into your mannequin quantity within the search field. Then, select your mannequin from the drop-down menu when it seems.
- If you don’t see a drop-down menu, be sure to have entered your mannequin quantity appropriately or choose a product class to browse on your product mannequin.
- Click on Downloads.
- Underneath Present Variations, choose the primary obtain whose title begins with Firmware Model.
- Click on Obtain.
- To put in the brand new firmware, comply with the directions in your product’s consumer guide, firmware launch notes, or product help web page.
“NETGEAR is just not answerable for any penalties that would have been averted by following the suggestions on this notification,” the corporate added.
Final month, safety researchers disclosed half a dozen vulnerabilities of various severity impacting Netgear WNR614 N300, a preferred router amongst dwelling customers and small companies.
Since this router mannequin reached end-of-life and is now not supported by Netgear, the corporate is not going to launch safety patches and suggested customers to interchange the router or apply mitigation measures to dam potential assaults.
