
On February 4, 2025, Netgear issued a crucial alert regarding two significant vulnerabilities impacting several of its WiFi router models. These security flaws, which allow unauthenticated attackers to execute code remotely and bypass authentication, pose a serious risk to users if not addressed promptly.

Overview of Vulnerabilities

The vulnerabilities affect multiple models, including the WiFi 6 access points WAX206, WAX214v2, and WAX220, as well as the Nighthawk Pro Gaming routers XR1000, XR1000v2, and XR500. The company has classified the issues internally as PSV-2023-0039 for the remote code execution flaw and PSV-2021-0117 for the authentication bypass. Both vulnerabilities can be exploited with minimal effort by malicious actors without requiring any user interaction. Netgear has strongly urged all users to update their devices with the latest firmware versions to mitigate these risks. The company emphasized that failure to do so could leave routers vulnerable to exploitation.

Affected Models and Firmware Updates

To assist users in rectifying these vulnerabilities, Netgear provided a list of affected models along with their corresponding patched firmware versions:

| Vulnerable Netgear Router | Patched Firmware Version |
|---|---|
| XR1000 | 1.0.0.74 |
| XR1000v2 | 1.1.0.22 |
| XR500 | 2.3.2.134 |
| WAX206 | 1.0.5.3 |
| WAX220 | 1.0.5.3 |
| WAX214v2 | 1.0.2.5 |

Users are encouraged to visit the Netgear Support site, locate their router model, and follow the provided instructions to download and install the necessary updates.
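For anyone managing more than one of these devices, the following added example (not from Netgear or the original article) checks an inventory against the patched versions listed above, comparing version fields numerically so that 1.0.0.9 is correctly ranked below 1.0.0.74. The CSV layout, hostnames and installed versions are constructed for illustration, and the optional leading "V" on a firmware string is an assumption about how the version may be displayed.

```python
import csv
import io

# First patched firmware per model, from the table above (keys upper-cased for lookup).
PATCHED = {
    "XR1000": "1.0.0.74", "XR1000V2": "1.1.0.22",
    "XR500": "2.3.2.134", "WAX206": "1.0.5.3",
    "WAX220": "1.0.5.3", "WAX214V2": "1.0.2.5",
}

def parse_version(text):
    """Turn '1.0.0.74' or 'V1.0.0.74' into (1, 0, 0, 74) for numeric comparison."""
    parts = text.strip().lstrip("Vv").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(model, firmware):
    """Return 'patched', 'vulnerable', 'not-listed' or 'unknown-version'."""
    fixed = PATCHED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"            # model is not in this advisory's table
    try:
        installed = parse_version(firmware)
    except ValueError:
        return "unknown-version"       # needs a manual check on the device
    return "patched" if installed >= parse_version(fixed) else "vulnerable"

def audit(inventory_csv):
    """Return (host, model, firmware, status) for each row of a host,model,firmware CSV."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["model"], r["firmware"], assess(r["model"], r["firmware"])) for r in rows]

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = """host,model,firmware
ap-lobby,WAX206,1.0.5.3
ap-floor2,WAX220,1.0.4.10
gw-lab,XR1000,V1.0.0.9
gw-home,xr1000v2,1.1.0.22
ap-old,WAX214,1.0.1.0
gw-test,XR500,unknown
"""

if __name__ == "__main__":
    for host, model, fw, status in audit(SAMPLE):
        print(f"{host:10} {model:9} {fw:10} {status}")
```

Rows reported as `unknown-version` should be checked by hand, since a device whose firmware cannot be read cannot be assumed patched.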

Implications for Users

The potential consequences of neglecting these updates are significant. With remote code execution capabilities, attackers could gain unauthorized access to sensitive information or take control of affected devices entirely. Furthermore, Netgear has made it clear that it will not be held liable for any repercussions stemming from users' failure to implement the recommended security measures. This warning follows a series of previous advisories from Netgear regarding various vulnerabilities in its products, highlighting an ongoing need for vigilance among users of its networking equipment.
