Netgear disclosed two critical flaws impacting multiple WiFi router models and urged customers to address them.

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware.

The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability.

An unauthenticated attacker could exploit both vulnerabilities without user interaction.

The unauthenticated RCE security vulnerability PSV-2023-0039 impacts the following product models:

  • XR1000, the issue was fixed in firmware version 1.0.0.74
  • XR1000v2, the issue was fixed in firmware version 1.1.0.22
  • XR500, the issue was fixed in firmware version 2.3.2.134

“NETGEAR strongly recommends that you download the latest firmware as soon as possible,” reads the advisory.

The authentication bypass security vulnerability PSV-2021-0117 impacts the following product models:

  • WAX206, the issue was fixed in firmware version 1.0.5.3
  • WAX220, the issue was fixed in firmware version 1.0.3.5
  • WAX214v2, the issue was fixed in firmware version 1.0.2.5
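As an added example (not part of NETGEAR's advisory or of this article), the Python script below checks a device inventory against the fixed firmware versions in the two lists above. The CSV layout, the host names and the optional leading "V" on version strings are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Fixed firmware version per model, taken from the two lists above.
FIXED = {
    "XR1000":   ("PSV-2023-0039", "1.0.0.74"),
    "XR1000V2": ("PSV-2023-0039", "1.1.0.22"),
    "XR500":    ("PSV-2023-0039", "2.3.2.134"),
    "WAX206":   ("PSV-2021-0117", "1.0.5.3"),
    "WAX220":   ("PSV-2021-0117", "1.0.3.5"),
    "WAX214V2": ("PSV-2021-0117", "1.0.2.5"),
}

def parse_version(text):
    """'1.0.0.74' -> (1, 0, 0, 74); numeric fields avoid the string-compare trap ('8' > '74')."""
    return tuple(int(part) for part in text.strip().lstrip("Vv").split("."))

def audit(inventory_csv):
    """Return (host, model, installed, advisory, fixed) for each device below its fixed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].strip().upper()
        if model not in FIXED:
            continue  # model is not named in the article
        advisory, fixed = FIXED[model]
        try:
            outdated = parse_version(row["firmware"]) < parse_version(fixed)
        except ValueError:
            outdated = True  # unparseable version: flag for manual review
        if outdated:
            findings.append((row["host"], model, row["firmware"], advisory, fixed))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,model,firmware
gw-lab-1,XR1000,1.0.0.8
gw-lab-2,XR1000v2,1.1.0.22
ap-floor-3,WAX206,V1.0.5.3
ap-floor-4,WAX220,1.0.3.4
gw-home,XR500,2.3.2.56
sw-core,GS108,1.0.1.2
ap-floor-5,WAX214v2,unknown
"""

if __name__ == "__main__":
    for host, model, installed, advisory, fixed in audit(SAMPLE):
        print(f"{host}: {model} runs {installed}, needs >= {fixed} ({advisory})")
```

Devices whose version cannot be parsed are reported rather than skipped, so an incomplete inventory does not hide an unpatched router.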

Download the latest firmware for your NETGEAR product from the official website:

  • Visit NETGEAR Support.
  • Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
    If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
  • Click Downloads.
  • Under Current Versions, select the download whose title begins with Firmware Version.
  • Click Download.
  • Follow the instructions in your product’s user manual, firmware release notes, or product support page to install the new firmware.

Pierluigi Paganini

(SecurityAffairs – hacking, NETGEAR)

By rooter