Security News

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw impacts the XR1000 Nighthawk gaming router.

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. An attacker could leverage the vulnerability to intercept and access sensitive communications between the router and the devices connecting to it.

The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. Hackers are increasingly targeting and compromising verified government and business X accounts with 'gold' and 'grey' checkmarks to add legitimacy to their malicious tweets pushing cryptocurrency scams, phishing sites, and sites dropping crypto drainers.

A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service attacks. In total, the malware targets no less than 22 known seccurity issues in various connected products, which include routers, DVRs, NVRs, WiFi communication dongles, thermal monitoring systems, access control systems, and solar power generation monitors.

As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution. "Successful exploits could allow attackers to monitor users' internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic," Claroty security researcher Uri Katz said in a report.

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers - including one critical command execution vulnerability. The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend WiFi networks.

Proof-of-concept exploits for vulnerabilities in Netgear's Orbi 750 series router and extender satellites have been released, with one flaw a critical severity remote command execution bug. The first and most critical flaw is tracked as CVE-2022-37337 and is a remotely exploitable command execution vulnerability in the access control functionality of the Netgear Orbi router.

PfSense also offers its own routers under the name Netgate for those who want an experience closer to a bundled hardware and software option, such as with Netgear, but with the added options and flexibility pfSense offers. Due to the variety of hardware configurations with both pfSense and Netgear, this comparison will mostly focus on software settings and the key features between the two.

Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can't be fixed due to technical limitations outside of their control, and is offering users a free or discounted replacement router. Netgear's BR200 and BR500 VPN routers are marketed as remote networking solutions for small to medium-size businesses and home offices, and provide features such as a site-2-site VPN connection, a firewall, remote configuration and monitoring, and more.

Netgear is pushing out fixes for a bad Orbi firmware update released earlier this month that prevents users from accessing the device's admin console. "We are aware of an issue affecting the Orbi RBK85x and RBK75x Series Mesh WiFi 6 Systems," Netgear explained on their status page.