Security News

Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw
2020-08-03 19:03

UPDATE. Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. The company says that routers that won't receive updates are outdated or have reached EOL. The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent attackers to bypass authentication on vulnerable Netgear routers.

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code
2020-07-30 11:28

Netgear has quietly decided not to patch more than 40 home routers to plug a remote code execution vulnerability - despite security researchers having published proof-of-concept exploit code. Keen-eyed Reg readers noticed that Netgear quietly declared 45 of the affected products as "Outside the security support period" - meaning those items won't be updated to protect them against the vuln.

NETGEAR’s new Orbi Mesh System is designed to deliver whole home WiFi 6 mesh to more households
2020-07-02 00:30

Joining the flagship Orbi WiFi 6 AX6000 Tri-band Mesh System, this new Orbi Mesh System, with its attractive price point, is designed to make robust whole home WiFi 6 mesh accessible to more households around the globe. Following on the tremendous success of the award-winning Orbi WiFi 6 AX6000 mesh system and the numerous WiFi 6 clients now available from phone and laptop manufacturers, the Orbi AX4200 WiFi 6 Mesh Systems join NETGEAR's industry-leading portfolio of WiFi 6 network product offerings.

Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products
2020-07-01 11:31

Netgear has started releasing patches for ten vulnerabilities affecting nearly 80 of its products, including flaws disclosed last year at the Pwn2Own hacking competition. All of the security holes were reported to Netgear through Trend Micro's Zero Day Initiative, including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five by Pedro Ribeiro and Radek Domanski of Team Flashback.

Living on a prayer? Netgear not quite halfway there with patches for 28 out of 79 vulnerable router models
2020-06-30 18:28

Netgear has now patched 28 out of 79 vulnerable router models, six months after infosec researchers first noticed security problems potentially allowing an attacker to remotely execute code as root. Over the past few weeks Netgear has been pushing out fixes, having so far plugged problems with 28 of the 79 models it says are affected by the unwanted remote-superuser flaw.

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models
2020-06-19 13:05

UPDATED. Researchers this week said they discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover. The flaw, a memory-safety issue present in the firmware's httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports: one on the Zero Day Initiative by a researcher called "d4rkn3ss" from the Vietnam Posts and Telecommunications Group, and a separate blog post by Adam Nichols of cybersecurity firm Grimm.

Critical Netgear Bug Impacts Flagship Nighthawk Router
2020-03-04 18:58

Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company's consumer Nighthawk X4S Smart Wi-Fi Router first introduced in 2016 and still available today.

Netgear's routerlogin.com HTTPS cert snafu now has a live proof of concept
2020-02-12 12:52

An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January. Through service workers, scripts that browsers run as background processes, Saleem Rashid reckons he can exploit Netgear routers to successfully compromise admin panel credentials.

Leaving your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things
2020-01-20 21:23

Netgear left in its router firmware key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates with private keys were embedded in the software, which was available to download for free by anyone, and also shipped with Netgear devices.

DoS Vulnerabilities Patched in NETGEAR N300 Routers
2019-09-13 09:49

A firmware update NETGEAR recently released for the N300 series routers addresses two denial-of-service (DoS) vulnerabilities found by security researchers at Cisco’s Talos group. Tracked as...