Security News > 2020 > March > Critical Netgear Bug Impacts Flagship Nighthawk Router
Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk hardware running firmware versions prior to 1.0.2.68.
The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company's consumer Nighthawk X4S Smart Wi-Fi Router first introduced in 2016 and still available today.
The same high-severity command injection flaw also exists in 29 other router models within the D6000, R6000, R7000, R8000, R9000 and XR500 family of Netgear hardware.
Brands include 20 SKUs of the Wireless AC Router Nighthawk hardware, four of its Wireless AC Routers and four DSL Gateway AC devices.
On Tuesday, Netgear warned of a second high-severity post-authentication command injection flaw impacting five router models within the R6400, R6700, R6900 and R7900 SKUs and that are running specific vulnerable firmware.
News URL
https://threatpost.com/critical-netgear-bug-impacts-nighthawk-router/153445/
Related news
- Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) (source)
- Zyxel warns of critical OS command injection flaw in routers (source)
- Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)