Netgear has released patches for high-severity vulnerabilities found in nearly a dozen of its Wi-Fi routers (opens in a new tab) And urges its users to apply the fix immediately.
Given the destructive potential of the vulnerability, Netgear declined to share details other than to say that it is a pre-authentication buffer overflow vulnerability that could be used for a variety of malicious activities, from crashing devices after a denial of service, to arbitrary code execution.
To abuse this vulnerability, an attacker would not require user permission or user interaction. The vulnerability is said to be exploitable for low-complexity attacks.
Preauth Buffer Overflow
Issue a Security Bulletin (opens in a new tab) Regarding the vulnerability, Netgear said it “strongly recommends” users to download and install the latest firmware as soon as possible.
“If you don’t complete all recommended steps, the preauth buffer overflow vulnerability remains,” Netgear added. “Netgear is not responsible for any consequences that could have been avoided by following the advice in this notice.”
A list of all affected devices, including multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC models, is available at this link (opens in a new tab).
Those looking to tinker with their routers should navigate to Netgear Support (opens in a new tab) website and enter the model number of its Wi-Fi router in the search box. Once you’ve identified the correct version, press Downloads, and under Current Version, select the first download with “Firmware Version” at the beginning of the title.
See the Release Notes file included with the firmware download for detailed instructions on how to apply the fix.
Wi-Fi routers are popular targets for cybercriminals because all of a user’s traffic must pass through the device. Not to mention that users rarely change factory settings, let alone update firmware.
pass: Beep computer (opens in a new tab)