Netgear, Inc the networking hardware producer company, has recently released security fixes for post-authentication command injection vulnerabilities in three of its products and DoS (denial of service) vulnerabilities found in another five of its products.
Netgear, Inc. is a global computer networking organization headquartered in San Jose, California. It produces networking hardware for consumers, businesses, and service providers and operates in the retail, commercial, and service provider sectors.
Netgear releases security fixes:
The security fixes that have been released for the post-authentication command injection security vulnerability for the three products include the Netgear XR450 Wifi Router, the Netgear XR500 Wifi router, and the Netgear WNR2000v5 Wireless Router.
Reportedly, the XR450 Wifi Router running versions prior to V 18.104.22.168, the XR500 Wifi router running versions prior to V 22.214.171.124, and the WNR2000v5 running versions prior to V 126.96.36.199 are the device firmware found to be compromisable in the command injection vulnerability.
The post-authentication command injection vulnerability found on the aforementioned products could have potentially enabled malicious actors to gain escalated privileges and execute malicious code on the devices operating on the vulnerable firmware.
These vulnerabilities addressed by the networking hardware company in the deployed security patch have also scored a high severity rating of 7.3 on the CVSS score.
The security fixes deployed for the Dos vulnerabilities were seemingly addressed for the Netgear D6200 modem router running versions prior to 1.1.00.34, the D7000 modem router running versions prior to 188.8.131.52, and the Netgear JR6150, R6050, and, WNR2020 Wifi routers running versions prior to 184.108.40.206, 220.127.116.11, and 18.104.22.168 respectively.
The DoS vulnerabilities impacting the vulnerable firmware could have jeopardized the products by making them unavailable to their intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
These DoS vulnerabilities have scored a medium severity rating of 6.5 on the CVSS score.
Netgear has recommended all its users update their devices to the latest firmware version as soon as possible to avoid any security hazards posed by vulnerabilities.
Users can follow the recommended steps mentioned on the record published on Netgear’s official website addressing the security fixes updates.
Netgear previously facing firmware vulnerabilities:
Back in mid-2020, Netgear had been reportedly found with similar firmware vulnerabilities with malicious actors employing some rather rudimentary cyber-attack methods to exploit them. The vulnerability was seemingly detected in the device firmware where researchers pointed out that a DNS rebinding attack left the administrative privileges vulnerable.
By inputting a particular text string on two different models, researchers found that they could put the routers into update mode, bypassing the login process for the administrative interface. This completely circumvents the authentication normally required for these routers.
Critical vulnerability detection credits:
These critical vulnerabilities were detected and reported to Netgear by SecureLayer7’s security researcher Touhid Shaikh.