Netgear reports critical flaws in WiFi routers, advises urgent patch
Take action: If you are running NETGEAR WiFi routers, check the advisory and update your routers IMMEDIATELY. Don't delay this one, the flaws are very easily exploitable.
Learn More
NETGEAR has disclosed multiple critical security vulnerabilities affecting several WiFi 6 access points and Nighthawk Pro Gaming router models. The vulnerabilities are very concerning as they require low complexity to exploit and don't need user interaction, potentially allowing attackers to gain unauthorized access to affected devices.
- PSV-2023-0039 (CVSS score not disclosed) - Remote Code Execution vulnerability affecting multiple router models, allowing unauthenticated attackers to execute code remotely with no user interaction required
- PSV-2024-0117 (CVSS score 9.6) - Authentication Bypass vulnerability
The affected devices include:
- WAX206 (patched in firmware version 1.0.5.3)
- WAX214v2 (patched in firmware version 1.0.2.5)
- WAX220 (patched in firmware version 1.0.5.3)
- XR1000 (patched in firmware version 1.0.0.74)
- XR1000v2 (patched in firmware version 1.1.0.22)
- XR500 (patched in firmware version 2.3.2.134)
NETGEAR has released security patches for all affected devices and strongly recommends immediate firmware updates. The company emphasizes that the vulnerabilities remain exploitable if users don't complete all recommended update steps.
The patches can be obtained through the NETGEAR Support website or through official NETGEAR mobile apps including the NETGEAR Orbi app, NETGEAR Nighthawk app, or NETGEAR Insight app for business products.
