Netgear is urging customers to update their routers’ firmware as soon as possible. Two critical vulnerabilities put the network’s doors wide open.
Networking specialist Netgear reports two vulnerabilities that could affect several of the company’s routers. The details it is sharing about the vulnerabilities are rather scarce, but Netgear says they are critical. They are vulnerabilities PSV-2024-0117 and PSV-2023-0039, which score 9.6 and 9.8 on the CVSS scale.
PSV-2024-0117 is a security vulnerability that allows external parties to bypass the authentication process. Vulnerable router models are WAX206, WAX220 and WAX214v2. The second vulnerability allows remote execution of malicious code. PSV-2023-0039 affects routers XR1000, XR1000v2 and XR500.
Whether the vulnerabilities are being actively exploited is not known. Netgear also requests not to wait for that and calls for the routers’ firmware to be updated to the latest versions.
Leaky routers and firewalls
The vulnerabilities at Netgear are not isolated cases. The new year is only a month old, but vulnerabilities have already been identified in many brands of routers and network security devices. Routers from Ivanti and Huawei are under active attack, while Juniper Networks routers were found to contain a mysterious backdoor.
Putting a firewall between routers and your devices does not always bring solace. Fortinet suffered a serious leak in its FortiGate firewalls while an old vulnerability returned like a boomerang. Zyxel went completely wrong by sending its own firewalls into a bootloop with a failed update. Network security is under high stress because of all these vulnerabilities.
read also