51/68 Thursday, February 6, 2025
Netgear has disclosed two critical vulnerabilities affecting multiple WiFi router models. These vulnerabilities, identified as PSV-2023-0039 and PSV-2021-0117, have prompted the company to urge customers to update their firmware immediately to mitigate security risks. The vulnerabilities include a Remote Code Execution (RCE) flaw and an Authentication Bypass issue, both of which could be exploited by unauthorized attackers without requiring any user interaction.
The PSV-2023-0039 vulnerability, related to remote code execution, affects the XR1000, XR1000v2, and XR500 router models. The issue has been patched in firmware versions 1.0.0.74, 1.1.0.22, and 2.3.2.134, respectively. Meanwhile, the PSV-2021-0117 vulnerability, which involves authentication bypass, impacts the WAX206, WAX220, and WAX214v2 router models. Netgear has addressed this issue in firmware versions 1.0.5.3, 1.0.3.5, and 1.0.2.5, respectively. Users are strongly advised to download and install the latest firmware updates immediately to protect their devices from potential cyberattacks.
Users can obtain the latest firmware updates from Netgear’s official website by visiting the NETGEAR Support page, searching for their router model, and downloading the latest firmware version under the “Current Versions” section. Installation instructions are provided in the user manual or product support page. Netgear emphasizes the importance of firmware updates to maintain network security and safeguard user data against potential cyber threats.
Source https://securityaffairs.com/173839/security/netgear-wifi-routers-flaws.html
