A remote unauthenticated attacker can execute arbitrary commands as root on affected routers. The vulnerability, if exploited, could allow hackers to change router settings, hijack network traffic, steal information, and even leverage infected devices to launch attacks against other networks and devices connected to them.
A group of security researchers found the unauthenticated remote code execution (RCE) flaw and characterized it in terms of how simple the exploit process is. At worst, an attacker can take full control without any login credentials, a huge risk to any home or small business network using the NETGEAR routers in question.
The vulnerability affects several NETGEAR devices, including its XR series routers and WAX series access points. NETGEAR has confirmed the critical vulnerability and published firmware patches to mitigate the vulnerability in impacted devices. All users of the affected products should apply the latest available software updates for their deployed firmware.
Users will need to update their firmware by going to NETGEAR‚s official support website so they can find their specific router model and download and install the firmware update. NETGEAR is also recommending those users capable of doing so turn on automatic updating of firmware so they can receive fixes in a more timely manner moving forward.
These updates are deemed critical, security experts say, and networks remain easy targets for all sorts of cyber threats when they are not applied. Once a router is compromised, attackers can monitor all internet activity you do, steal your passwords and financial information, and even attack other devices in your network, such as your computers, smartphones, smart locks, and IoT gadgets.
Aside from applying firmware updates, users are also recommended to adopt common security precautions for their routers, such as setting strong, unique passwords for both the Wi-Fi network and the administrative interface of the router, disabling remote management if it is not being used, and ensuring all other connected devices are up to date with security patches.
This new hole serves as a reminder that network infrastructure needs patching, too. Good advice is for users to make sure they’re installing updated firmware from their router vendors to safeguard their networks from new online threats. NETGEAR has released a security advisory asking affected customers to take preventive measures.
