⚠️ CVE-2025-25427: A Stored cross-site scripting ... ⚠️ CVE-2025-3509: A Remote Code Execution (RCE) ... ⚠️ CVE-2025-3246: An improper neutralization of ... 🟡 CVE-2025-3124: A missing authorization vulner... 🟢 CVE-2024-42178: HCL MyXalytics is affected by ... 🟡 CVE-2025-3765: A vulnerability, which was cla... 🟡 CVE-2025-3764: A vulnerability classified as ... 🟢 CVE-2024-42177: HCL MyXalytics is affected by ... 🟡 CVE-2025-3763: A vulnerability classified as ... 🟡 CVE-2025-3762: A vulnerability was found in P... 🟡 CVE-2025-29722: A CSRF vulnerability in Commer... 🟡 CVE-2025-28101: An arbitrary file deletion vul... 🔥 CVE-2025-28009: A SQL Injection vulnerability ... 🟢 CVE-2025-26269: DragonflyDB Dragonfly through ... 🟢 CVE-2025-26268: DragonflyDB Dragonfly before 1... ⚠️ CVE-2024-55211: An issue in Think Router Tk-Rt... 🟢 CVE-2021-47671: In the Linux kernel, the follo... ⚠️ CVE-2021-47670: In the Linux kernel, the follo... ⚠️ CVE-2021-47669: In the Linux kernel, the follo... ⚠️ CVE-2021-47668: In the Linux kernel, the follo... 🟢 CVE-2025-32415: In libxml2 before 2.13.8 and 2... ⚠️ CVE-2025-2947: IBM i 7.6  contains a privile... ⚠️ CVE-2025-29661: Litepubl CMS <= 7.0.9 is vulne... ⚠️ CVE-2025-29181: FOXCMS <= V1.25 is vulnerable ... ⚠️ CVE-2025-29180: In FOXCMS <=1.25, the installd... ⚠️ CVE-2025-29039: An issue in dlink DIR 832x 240... ⚠️ CVE-2025-43015: In JetBrains RubyMine before 2... 🟡 CVE-2025-43014: In JetBrains Toolbox App befor... 🟡 CVE-2025-43013: In JetBrains Toolbox App befor... ⚠️ CVE-2025-43012: In JetBrains Toolbox App befor... 🟡 CVE-2025-42921: In JetBrains Toolbox App befor... 🔥 CVE-2025-39596: Weak Authentication vulnerabil... 🔥 CVE-2025-39595: Improper Neutralization of Spe... ⚠️ CVE-2025-39594: Improper Neutralization of Inp... 🔥 CVE-2025-39588: Deserialization of Untrusted D... 🔥 CVE-2025-39587: Improper Neutralization of Spe... ⚠️ CVE-2025-39586: Improper Neutralization of Spe... ⚠️ CVE-2025-39583: Missing Authorization vulnerab... 🟡 CVE-2025-39580: Missing Authorization vulnerab... ⚠️ CVE-2025-39569: Improper Neutralization of Spe... ⚠️ CVE-2025-39568: Improper Limitation of a Pathn... ⚠️ CVE-2025-39567: Improper Neutralization of Inp... 🟡 CVE-2025-39562: Improper Neutralization of Inp... 🟡 CVE-2025-39559: Missing Authorization vulnerab... ⚠️ CVE-2025-39558: Improper Neutralization of Inp... 🟡 CVE-2025-39554: Missing Authorization vulnerab... 🔥 CVE-2025-39551: Deserialization of Untrusted D... 🔥 CVE-2025-39550: Deserialization of Untrusted D... ⚠️ CVE-2025-39542: Incorrect Privilege Assignment... ⚠️ CVE-2025-39535: Authentication Bypass Using an... ⚠️ CVE-2025-39533: Missing Authorization vulnerab... ⚠️ CVE-2025-39532: Missing Authorization vulnerab... ⚠️ CVE-2025-39527: Deserialization of Untrusted D... ⚠️ CVE-2025-39526: Improper Control of Filename f... ⚠️ CVE-2025-39521: Improper Neutralization of Inp... ⚠️ CVE-2025-39519: Improper Neutralization of Inp... ⚠️ CVE-2025-39464: Improper Neutralization of Inp... ⚠️ CVE-2025-39462: Improper Control of Filename f... ⚠️ CVE-2025-39461: Improper Control of Filename f... 🟡 CVE-2025-39457: Missing Authorization vulnerab... 🟡 CVE-2025-39456: Missing Authorization vulnerab... ⚠️ CVE-2025-39455: Cross-Site Request Forgery (CS... 🟡 CVE-2025-39453: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39452: Improper Control of Filename f... 🟡 CVE-2025-39444: Improper Neutralization of Inp... 🟡 CVE-2025-39443: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39442: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39441: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39440: Cross-Site Request Forgery (CS... 🟡 CVE-2025-39439: Exposure of Sensitive System I... 🟡 CVE-2025-39438: Cross-Site Request Forgery (CS... 🟡 CVE-2025-39437: Cross-Site Request Forgery (CS... 🔥 CVE-2025-39436: Unrestricted Upload of File wi... ⚠️ CVE-2025-39435: Cross-Site Request Forgery (CS... 🟡 CVE-2025-39434: Authorization Bypass Through U... ⚠️ CVE-2025-39433: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39432: Improper Neutralization of Inp... ⚠️ CVE-2025-39431: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39430: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39429: Improper Control of Filename f... 🟡 CVE-2025-39428: Improper Neutralization of Inp... 🟡 CVE-2025-39427: Improper Neutralization of Inp... 🟡 CVE-2025-39426: Cross-Site Request Forgery (CS... 🟡 CVE-2025-39425: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39424: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39423: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39422: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39421: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39420: Improper Neutralization of Inp... ⚠️ CVE-2025-39419: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39418: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39417: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39416: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39415: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-39414: Cross-Site Request Forgery (CS... ⚠️ CVE-2025-32686: Deserialization of Untrusted D... 🔥 CVE-2025-32682: Unrestricted Upload of File wi... ⚠️ CVE-2025-32674: Improper Neutralization of Inp... ⚠️ CVE-2025-32670: Improper Neutralization of Inp... ⚠️ CVE-2025-32666: Improper Neutralization of Inp...
Netgear Urges Immediate Firmware Updates to Address Critical Router Vulnerabilities

By Cybersecurity Team on

Netgear Urges Immediate Firmware Updates to Address Critical Router Vulnerabilities

Netgear has recently identified two critical security vulnerabilities affecting multiple WiFi router models. These flaws could allow unauthorized attackers to execute remote code and bypass authentication mechanisms, posing significant risks to users' network security.

Details of the Vulnerabilities

The identified vulnerabilities are:

  • Remote Code Execution (RCE) Vulnerability (PSV-2023-0039): This flaw enables unauthenticated attackers to execute arbitrary code on the affected devices remotely.
  • Authentication Bypass Vulnerability (PSV-2021-0117): This issue allows attackers to bypass authentication protocols, granting unauthorized access to the device's settings and potentially the entire network.

These vulnerabilities are particularly concerning as they can be exploited without any user interaction, making them highly dangerous.

Affected Models and Firmware Updates

Netgear has released firmware updates to address these vulnerabilities for the following models:

  • XR1000: Firmware version 1.0.0.74
  • XR1000v2: Firmware version 1.1.0.22
  • XR500: Firmware version 2.3.2.134
  • WAX206: Firmware version 1.0.5.3
  • WAX220: Firmware version 1.0.5.3
  • WAX214v2: Firmware version 1.0.2.5

Users are strongly advised to update their devices to the latest firmware versions immediately to mitigate potential security risks.

Steps to Update Firmware

To ensure your Netgear device is protected, follow these steps to update the firmware:

  1. Visit the Netgear Support website.
  2. Enter your device's model number in the search box and select your model from the drop-down menu.
  3. Click on the "Downloads" section.
  4. Under "Current Versions," select the firmware version appropriate for your device.
  5. Click "Download" and follow the provided instructions to install the new firmware.

Updating the firmware is crucial to protect your network from potential exploits targeting these vulnerabilities.

Conclusion

Network security is paramount, and timely updates are essential to safeguard against emerging threats. Netgear's prompt response to these critical vulnerabilities underscores the importance of regular firmware updates. Users are encouraged to act swiftly to ensure their devices and networks remain secure.

Sources

Back to Posts