Summary
Two new security vulnerabilities with a severity of “critical” have been discovered affecting Netgear products. These vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted devices.
Note: The vendor states that the vulnerability affecting the “WAX” series devices is being actively exploited in the wild.
Risk
Vulnerability Community Impact Estimation: High (71.02)
Type
- Remote Code Execution
Affected Products and Versions
Netgear
- XR1000, versions prior to 1.0.0.74
- XR1000v2, versions prior to 1.1.0.22
- XR500, versions prior to 2.3.2.134
- WAX206, versions prior to 1.0.5.3
- WAX220, versions prior to 1.0.3.5
- WAX214v2, versions prior to 1.0.2.5
Mitigation Actions
In line with vendor statements, it is recommended to update products by following the instructions available at the links in the References section.
References
1 This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.