Netgear urges users to patch major router security issues now

  • Netgear found two flaws affecting WiFi access points and routers
  • To mitigate them, it released new firmware for the devices
  • The company urged users to apply the fix as soon as possible

Netgear has confirmed that it recently fixed a number of critical-severity vulnerabilities affecting multiple access points and routers.

Since the bugs can be exploited in attacks requiring no user interaction, and could result in remote code execution (RCE), Netgear urged its customers to apply the released fixes without delay.

A Netgear security advisory noted the two flaws are internally tracked as PSV-2023-0039 (a remote code execution flaw), and PSV-2021-0017 (an authentication bypass flaw). They affect these WiFi 6 access points and Nighthawk Pro Gaming Routers: XR1000, XR1000v2, XR500, WAX206, WAX220, and WAX214v2.

Reaching end-of-life status

"NETGEAR strongly recommends that you download the latest firmware as soon as possible," the company said in the security advisory, before giving a step-by-step tutorial on how to download and install the latest firmware for Netgear routers.

"NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification," it warned.

Internet routers and WiFi access points are among the most attacked devices because they serve as the gateway between a local network and the internet. They are also often considered “low-hanging fruit” in cyberattacks, since many have default credentials, outdated firmware, or weak security configurations. In many instances, users keep their devices past their end-of-life date, losing support and exposing themselves to known vulnerabilities.

Attackers can use compromised routers for botnets, man-in-the-middle attacks, DNS hijacking, or data interception. Since routers operate 24/7 and control network traffic, an attacker who gains control can redirect users to malicious sites, steal credentials, or deploy malware across networks.

Due to its popularity, Netgear is a frequent target for hackers. In June 2024, a popular budget-friendly Netgear small business router was found vulnerable to half a dozen flaws that could lead to the theft of sensitive information, and possibly even full device takeover. The device had reached its end-of-life, so Netgear did not bother releasing a patch.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
