Netgear has released a patch for a high-severity vulnerability found in nearly a dozen of its Wi-Fi routers (opens in a new tab) and urged its users to apply the fix immediately.
Given the destructive potential of the vulnerability, Netgear has not released details beyond stating that it is a pre-authentication buffer overflow vulnerability that could be exploited for all sorts of malicious activities, from device failure after denial of service to arbitrary code execution.
Attackers do not need user permission or interaction to exploit this vulnerability. The vulnerability is said to be exploitable in low-complexity attacks.
Buffer overflow before authentication
Issuance of safety advice (opens in a new tab) about the vulnerability, Netgear said it “strongly recommends” users download and install the latest firmware as soon as possible.
“The pre-authentication buffer overflow vulnerability remains if you do not follow all recommended steps,” added Netgear. “Netgear is not responsible for any consequences that could have been avoided by following the recommendations in this notice.”
A list of all affected devices, including multiple models of Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6) and Wireless AC, can be found at this link (opens in a new tab).
Those who want to patch their routers should go to the site Netgear support (opens in a new tab) website and enter the model number of your Wi-Fi router in the search box. Once you’ve identified the correct version, tap Downloads and in the Current Versions section, select the first version you downloaded with “Firmware Version” at the beginning of the title.
Detailed instructions on how to apply the fix can be found in the Release Notes included with the firmware download.
Wi-Fi routers are a popular target for cybercriminals due to the fact that all user traffic must go through the device. What’s more, users rarely change the factory settings, and even less often update the firmware.
Through: Beeping Computer (opens in a new tab)