Netgear has released security updates addressing two critical vulnerabilities affecting several WiFi router models and has strongly urged users to update their firmware immediately. These vulnerabilities could allow unauthenticated attackers to execute remote code or bypass authentication, creating a serious security loophole and attack surface.
Impacted Devices and Security Risks
The security flaws affect multiple WiFi 6 access points and Nighthawk Pro Gaming routers, specifically the following models:
- WiFi 6 Access Points: WAX206, WAX214v2, WAX220
- Nighthawk Pro Gaming Routers: XR1000, XR1000v2, XR500
While Netgear has not disclosed extensive technical details about the vulnerabilities, the company has identified the flaws the following way:
- Remote Code Execution (RCE) Vulnerability (PSV-2023-0039) – Attackers can execute arbitrary code remotely without authentication.
- Authentication Bypass Vulnerability (PSV-2021-0117) – Allows unauthorized access to the router in a low-complexity attack that requires no user interaction.
These security flaws could be exploited by cybercriminals to take control of affected routers, intercept network traffic, or deploy malware within compromised networks.
Firmware Updates and Fixes
To protect against potential attacks, Netgear has released patched firmware versions for the following devices:
- XR1000 – Firmware version 1.0.0.74
- XR1000v2 – Firmware version 1.1.0.22
- XR500 – Firmware version 2.3.2.134
- WAX206 – Firmware version 1.0.5.3
- WAX220 – Firmware version 1.0.5.3
- WAX214v2 – Firmware version 1.0.2.5
Owners of the above-mentioned Netgear routers must update their firmware immediately to mitigate the possible security risks. “The unauthenticated RCE vulnerability remains if you do not complete all recommended steps,” the company stated. Netgear has also clarified that they will not be responsible for security breaches resulting from users ignoring the firmware update.
How can you update your router’s firmware?
How to Update Your Netgear Router Firmware
To install the latest security updates, follow these steps:
- Go to the Netgear Support website.
- Enter your router model number in the search box and select your device from the drop-down list.
- Click on Downloads and look for the latest firmware update under Current Versions.
- Click Release Notes and follow the step-by-step instructions to download and install the new firmware.
Please remember that failure to install the update leaves the remote code execution vulnerability active, potentially exposing your device to cyberattacks.
Previous Netgear Security Issues
Netgear has faced multiple security challenges in recent years. In July 2023, the company urged users to install patches for stored cross-site scripting (XSS) and authentication bypass vulnerabilities affecting several WiFi 6 routers. In 2022, 79 Netgear router models were found containing a severe security vulnerability that could lead to remote control, affecting 758 firmware versions used in 79 Netgear router models.
If you own one of the affected Netgear routers, updating your firmware is critical to securing your network. Cyberattacks targeting unpatched vulnerabilities are becoming increasingly common, making regular firmware updates essential for protecting personal and business data.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: