Netgear has issued a critical security advisory urging users of specific router models to take immediate action by updating their firmware. The affected devices include the XR1000 Nighthawk gaming router and the CAX30 Nighthawk AX6 6-Stream cable modem routers. These updates are essential as they address significant vulnerabilities, notably stored cross-site scripting (XSS) and authentication bypass flaws, which could potentially compromise user security and device integrity.
The stored XSS vulnerability, fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122, exposes users to risks such as malicious script injection into web pages accessed through the router’s interface. Exploitation of this flaw could enable attackers to hijack user sessions, redirect them to malicious websites, or present fake login forms to steal sensitive information, including login credentials and personal data. This type of attack is particularly concerning for users with administrative privileges, as it could lead to unauthorized actions performed under compromised user permissions.
Similarly, the authentication bypass vulnerability, fixed in firmware version 2.2.2.2 and tracked as PSV-2023-0138, poses a severe risk by potentially granting attackers unauthorized access to the administrative interface of the affected routers. Successful exploitation of this vulnerability could allow threat actors to gain full control over the device, compromising network security and privacy.
In response to these vulnerabilities, Netgear has emphasized the urgency of applying the latest firmware updates. Users are strongly advised to visit Netgear’s support website immediately to download the necessary updates and follow the provided instructions for installation. This proactive measure is crucial in mitigating the identified security risks and safeguarding against potential exploitation that could compromise the integrity of their network environments.
For users of routers that have reached end-of-life, such as the Netgear WNR614 N300, which are no longer supported with security updates, Netgear recommends considering router replacement or implementing additional security measures to mitigate potential risks. This approach helps users maintain a secure network infrastructure, protecting against evolving cybersecurity threats in both home and small business environments.
Reference:
