Pierluigi Paganini February 04, 2025

Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them.

Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware.

The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability.

An unauthenticated attacker could exploit both vulnerabilities without user interaction.

The unauthenticated RCE security vulnerability PSV-2023-0039 impacts the following product models:

• XR1000, the issue was fixed in firmware version 1.0.0.74
• XR1000v2, the issue was fixed in firmware version 1.1.0.22
• XR500, the issue was fixed in firmware version 2.3.2.134

“NETGEAR strongly recommends that you download the latest firmware as soon as possible.” reads the advisory.

The authentication bypass security vulnerability PSV-2021-0117 impacts the following product models:

• WAX206, the issue was fixed in firmware version 1.0.5.3
• WAX220, the issue was fixed in firmware version 1.0.3.5
• WAX214v2, the issue was fixed in firmware version 1.0.2.5

Download the latest firmware for your NETGEAR product from the official website:

• Visit NETGEAR Support.
• Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
  If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
• Click Downloads.
• Under Current Versions, select the download whose title begins with Firmware Version.
• Click Download.
• Follow the instructions in your product’s user manual, firmware release notes, or product support page to install the new firmware.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, NETGEAR)