Netgear Wi-Fi routers need to be patched immediately

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Netgear has issued a patch for a high-severity vulnerability found in almost a dozen of its Wi-Fi routers and urged its users to apply the fix immediately. 

Given the destructive potential of the flaw, Netgear did not disclose the details, other than saying that it’s a pre-authentication buffer overflow vulnerability, which could be used for all kinds of malicious activity, from crashing the device after a denial of service, to arbitrary code execution.

To abuse the vulnerability, the attackers do not need user permission or user interaction. The flaw can be used in low-complexity attacks, it was said.

Pre-authentication buffer overflow

Issuing a security advisory about the flaw, Netgear said it “strongly recommends” users download and install the latest firmware as soon as possible.

"The pre-authentication buffer overflow vulnerability remains if you do not complete all recommended steps," Netgear added. "Netgear is not responsible for any consequences that could have been avoided by following the recommendations in this notification."

The list of all of the affected devices, which includes multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC models, can be found on this link.

Those looking to patch up their routers should navigate to the Netgear Support website, and type in their Wi-Fi router’s model number in the search box. Once the right version is identified, press Downloads, and under Current Versions, select the first download with “Firmware Version” in the beginning of the title.

Detailed instructions on how to apply the fix can be found in the Release Notes file accompanying the firmware download. 

Wi-Fi routers are a popular target for cybercriminals due to the fact that all of a user's traffic must go through the device. What’s more, users rarely change the factory settings, and update the firmware even less frequently. 

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS