Netgear has issued a patch for a high-severity vulnerability found in almost a dozen of its Wi-Fi routers (opens in new tab) and urged its users to apply the fix immediately.
Given the destructive potential of the flaw, Netgear did not disclose the details, other than saying that it’s a pre-authentication buffer overflow vulnerability, which could be used for all kinds of malicious activity, from crashing the device after a denial of service, to arbitrary code execution.
To abuse the vulnerability, the attackers do not need user permission or user interaction. The flaw can be used in low-complexity attacks, it was said.
Pre-authentication buffer overflow
Issuing a security advisory (opens in new tab) about the flaw, Netgear said it “strongly recommends” users download and install the latest firmware as soon as possible.
“The pre-authentication buffer overflow vulnerability remains if you do not complete all recommended steps,” Netgear added. “Netgear is not responsible for any consequences that could have been avoided by following the recommendations in this notification.”
The list of all of the affected devices, which includes multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC models, can be found on this link (opens in new tab).
Those looking to patch up their routers should navigate to the Netgear Support (opens in new tab) website, and type in their Wi-Fi router’s model number in the search box. Once the right version is identified, press Downloads, and under Current Versions, select the first download with “Firmware Version” in the beginning of the title.
Detailed instructions on how to apply the fix can be found in the Release Notes file accompanying the firmware download.
Wi-Fi routers are a popular target for cybercriminals due to the fact that all of a user’s traffic must go through the device. What’s more, users rarely change the factory settings, and update the firmware even less frequently.
- These are the best firewalls (opens in new tab) right now
Via: BleepingComputer (opens in new tab)