SS7
Netgear advises customers to fix a recently discovered WiFi router bug
Netgear fixed the high-severity flaw that affected multiple WiFi router models. Customers were advised to upgrade to the most current firmware as soon possible.
This flaw affects multiple and ) router models.
Netgear didn’t disclose the exact component that was affected or what its impact would be, but it stated it as a pre-authentication buffer overload vulnerability.
A successful exploitation could result in crashes or denial-of-service attacks, as well as arbitrary code execution if the code execution occurs during an attack.
This flaw can be exploited by attackers in low-complexity attacks, without the need for permissions or interaction from users.
Netgear published a security advisory on Wednesday that stated it strongly recommends downloading the most recent firmware “as soon as you can.”
Below is a table listing vulnerable routers as well as the updated firmware versions.
|
Vulnerable Netgear router |
Version |
|
RAX40 |
Firmware version 1.0.2.60 |
|
RAX35 |
Firmware version 1.0.2.60 |
|
R6400v2 |
Firmware version 1.0.4.122 |
|
R6700v3 |
Firmware version 1.0.4.122 |
|
R6900P |
Firmware version 1.3.3.152 |
|
R7000P |
Firmware version 1.3.3.152 |
|
R7000P |
Firmware version 1.0.11.136 |
|
R7960P |
Firmware version 1.4.4.94 |
|
R8000P |
Firmware version 1.4.4.94 |
How to upgrade your router’s firmware
These steps will help you download the most recent firmware for your Netgear router.
- Visit .
- Type your model number into the search box. Once it is found, select the model you want from the drop-down list.
- You may not be able to see the drop-down menu if you have entered incorrectly your model number or selected a product category in order to search for your product model.
- You can click download.
- Select the Latest Versions download that has the title Firmware version.
- Click Release notes.
- To download the latest firmware, follow the steps in the firmware release notes.
that there is a pre-authentication buffer overload vulnerability if the steps are not followed.
“NETGEAR cannot be held responsible for consequences which could have been prevented by following this notification.”
BleepingComputer reached out to Netgear earlier today, but they were unable to comment immediately.
Netgear Wednesday to fix a second vulnerability. This can trigger an attack against Wireless AC Nighthawk or Wireless AX Nighthawk (WiFi 6 routers) routers.
Netgear earlier this year that was preventing customers access to their device’s admin consoles.