NETGEAR, an American computer networking company, recently addressed two critical vulnerabilities that could allow threat actors to gain unauthorized access to home networks.
The company has issued a critical security advisory urging users to update their Wi-Fi routers to the latest firmware immediately.
The two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, affect multiple Wi-Fi 6 access points (WAX206, WAX214v2, and WAX220) and Nighthawk Pro Gaming router models (XR1000, XR1000v2, XR500).
PSV-2023-0039 (CVSS score: 9.8) could allow unauthenticated threat actors to achieve remote code execution (RCE), while PSV-2021-0117 (CVSS score: 9.6) could be exploited for authentication bypass in low-complexity attacks without user interaction.
The following product models are affected by the unauthenticated RCE security vulnerability PSV-2023-0039, which was patched in the versions given below:
- XR1000 – fixed in firmware version 1.0.0.74
- XR1000v2 – fixed in firmware version 1.1.0.22
- XR500 – fixed in firmware version 2.3.2.134
“NETGEAR strongly recommends that you download the latest firmware as soon as possible,” reads the advisory published on Saturday.
Further, the following product models are impacted by the authentication bypass security vulnerability PSV-2021-0117, which was patched in the versions shown below:
- WAX206 – fixed in firmware version 1.0.5.3
- WAX220 – fixed in firmware version 1.0.3.5
- WAX214v2 – fixed in firmware version 1.0.2.5
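For anyone managing more than one of these devices, the two lists above can be turned into an inventory check. The script below is an added example, not NETGEAR tooling: the fixed versions are the ones listed in this article, while the `model,installed_version` inventory format and the sample lines are constructed assumptions. It compares versions numerically, because a plain string comparison would wrongly rank 1.0.0.9 above 1.0.0.74.

```python
"""Flag NETGEAR devices whose firmware is older than the fixed release."""

# model -> (advisory ID, first fixed firmware version), taken from the lists above
FIXED = {
    "XR1000":   ("PSV-2023-0039", "1.0.0.74"),
    "XR1000V2": ("PSV-2023-0039", "1.1.0.22"),
    "XR500":    ("PSV-2023-0039", "2.3.2.134"),
    "WAX206":   ("PSV-2021-0117", "1.0.5.3"),
    "WAX220":   ("PSV-2021-0117", "1.0.3.5"),
    "WAX214V2": ("PSV-2021-0117", "1.0.2.5"),
}

def parse_version(text):
    """Turn '1.0.0.74' or 'V1.0.0.74' into (1, 0, 0, 74) for numeric comparison."""
    return tuple(int(part) for part in text.strip().lstrip("Vv").split("."))

def check_device(model, installed):
    """Return (status, advisory); status is 'vulnerable', 'patched',
    'not-listed' (model not in this article) or 'unknown-version'."""
    entry = FIXED.get(model.strip().upper())
    if entry is None:
        return ("not-listed", None)
    advisory, fixed = entry
    try:
        current = parse_version(installed)
    except ValueError:
        # Unparseable version string: report it rather than guess.
        return ("unknown-version", advisory)
    status = "vulnerable" if current < parse_version(fixed) else "patched"
    return (status, advisory)

def audit(inventory_text):
    """Check every 'model,installed_version' line (assumed format)."""
    results = []
    for line in inventory_text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        model, _, installed = line.partition(",")
        results.append((model.strip(), installed.strip(), *check_device(model, installed)))
    return results

# Constructed sample inventory, not real device data.
SAMPLE = """
XR1000,1.0.0.9
XR500,2.3.2.134
WAX206,1.0.5.1
WAX214v2,V1.0.2.5
R7000,1.0.11.100
"""

if __name__ == "__main__":
    for model, installed, status, advisory in audit(SAMPLE):
        print(f"{model:10} {installed:12} {status:16} {advisory or '-'}")
```

A `not-listed` result only means the model does not appear in this article; it says nothing about other advisories.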
You can follow the steps mentioned below to download and install the latest firmware for your NETGEAR product:
- Visit NETGEAR Support.
- Please enter your model number in the search box, then select your model from the drop-down menu as soon as it appears. If a drop-down menu does not appear, check that you have entered your model number correctly or select a product category to find your product model.
- Click Downloads.
- Under Current Versions, choose the download whose title begins with Firmware Version.
- Click Download.
- Follow the instructions provided in your product’s user manual, firmware release notes, or product support page.
“The unauthenticated RCE vulnerability remains if you do not complete all recommended steps,” the company warned on Saturday. “NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.”
Users are advised to visit NETGEAR’s official support page to determine if their router is affected and download the necessary updates.
To ensure your network remains secure, it is recommended that you regularly update your router’s firmware to protect against emerging security threats.