One Article Review
| Source |  Cyble |
|---|---|
| Identifiant | 8646783 |
| Date de publication | 2025-02-04 10:58:37 (vue: 2025-02-04 11:08:18) |
| Titre | NETGEAR Urges Immediate Firmware Updates for Critical Security Flaws |
| Texte | 
Overview
NETGEAR has recently addressed two critical security vulnerabilities affecting its products, which, if exploited, could allow unauthenticated attackers to execute arbitrary code or remotely exploit devices. These vulnerabilities impact multiple models, including the XR series routers and WAX series access points. Given the high severity of these vulnerabilities, with Common Vulnerability Scoring System (CVSS) scores of 9.8 and 9.6, users are strongly advised to update their devices immediately to the latest firmware versions to prevent potential cyber threats.
Details of the Security Vulnerabilities
The vulnerabilities impact several NETGEAR devices and could allow remote attackers to take control of the affected routers and access points without requiring authentication. Such security flaws are particularly concerning as they can be leveraged for malicious activities, including data theft, network disruption, and unauthorized surveillance.
Affected Devices and Firmware Updates
NETGEAR has released fixes for the unauthenticated remote code execution (RCE) security vulnerability affecting the following models:
XR1000: Fixed in firmware version 1.0.0.74
XR1000v2: Fixed in firmware version 1.1.0.22
XR500: Fixed in firmware version 2.3.2.134
|
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 0/av:n/ac:l/pr:n/ui:n/s:u/c:h/i:h/a:l 0039 134 2023 300x150 access acknowledges acknowledgments action activities activity: address addressed administrator advised advisorites/1203/93 advisory affected affecting against alerts all allow allows already although always app apply apps arbitrary are assigned attacker attackers attacks authentication automatic available been begins behavior best blogs botnet box breaches breakdown bugcrowd business can caption= change click code com/000066558/security com/wp commands common company compromise compromise: compromised concerning connected content/uploads/2025/02/cyble control correct could credentials credentials: critical current cve cvss cvss:3 cyber cyble dangerous data date default deployment details device devices disclosure discovery disruption down download downloads drop drops emerging enable enhance ensure enter espionage essential execute execution exploit exploitation exploitation: exploited exposures eye failing file= firmware firmware: fixed fixes flaws follow following follows: from full functionality further future given has have haven high highlight highly https://cyble https://jocert https://kb identified identifier ids image immediate immediately impact include including indicate infections information insight install installation instructions integrity intercept issues its jo/en/listdetails/security jpg keep keeping known large latest leading leave leveraged list login maintain maintaining making malicious malware manual medium mobile model models models: modify monitor multiple ncsc need needing netgear network nighthawk not notes number official often once one orbi overview particularly password patched patches performance platform points possible potential potentially practices practices: prevent prioritize process product products products: prompt protect provided psv rated rce reboots receive recently recommended recommends regular release released remain remote remotely reported require requiring reroute research response responsible risks routers routers: safeguard score score: scores scoring search secure security select sensitive series seriousness several severity should similar some soon source: specializing stance steps strong strongly subscription such sudden support supported surveillance system take taking theft them these threats through title= traffic two type unauthenticated unauthorized under unexpected unique unknown unusual update updated updates updates: urges urging use user users vector: version versions vigilant visit vulnerabilities vulnerability vulnerable wax website well which why wifi without xr1000: xr1000v2: xr500: your |
| Tags | Malware Vulnerability Threat Mobile |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.