Jump to content
  • Netgear warns users to patch auth bypass, XSS router flaws


    Karlston

    • 288 views
    • 3 minutes
     Share


    • 288 views
    • 3 minutes
     

    Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models.

     

    The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router.

     

    While the company didn't disclose any details regarding this bug, successful attacks exploiting such weaknesses can let threat actors hijack user sessions, redirect users to malicious sites or display fake login forms, and steal restricted information.

     

    They can also perform actions with the compromised user's permissions, an especially dangerous scenario if the user has administrative privileges on the targeted device.

     

    The authentication bypass security bug (fixed in firmware version 2.2.2.2 and tracked as PSV-2023-0138) impacts CAX30 Nighthawk AX6 6-Stream cable modem routers.

     

    Even though Netgear hasn't shared any information regarding this vulnerability either, such flaws are usually tagged as maximum severity since they can provide attackers with unauthorized access to the administrative interface and can result in a complete takeover of the targeted devices.

     

    A Netgear spokesperson was not immediately available to share more details regarding the two security flaws when BleepingComputer reached out earlier today.

    How to update your router's firmware

    In security advisories published on Wednesday, Netgear said it "strongly recommends that you download the latest firmware as soon as possible."

     

    To download and install the latest firmware for your Netgear router, you have to go through the following steps:

     

    1. Visit NETGEAR Support.
    2. Start by entering your model number in the search box. Then, choose your model from the drop-down menu when it appears.
    3. If you do not see a drop-down menu, make sure you have entered your model number correctly or select a product category to browse for your product model.
    4. Click Downloads.
    5. Under Current Versions, select the first download whose title begins with Firmware Version.
    6. Click Download.
    7. To install the new firmware, follow the instructions in your product's user manual, firmware release notes, or product support page.

     

    "NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification," the company added.

     

    Last month, security researchers disclosed half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a popular router among home users and small businesses.

     

    Since this router model reached end-of-life and is no longer supported by Netgear, the company will not release security patches and advised users to replace the router or apply mitigation measures to block potential attacks.

     

    Source

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every single day for many years.

    2023: Over 5,800 news posts | 2024 (till end of June): 2,839 news posts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...