Most everyone thinks of routers as set-and-forget devices. But you should ditch that habit right about now, especially if you own a Netgear Nighthawk router or Wi-Fi 6 access point. Fixes for two critical vulnerabilities just got issued and they should be applied immediately.
As reported by Bleeping Computer, three Nighthawk Pro Gaming routers and three Wi-Fi 6 access points are affected. On the routers, an unauthenticated remote code execution (RCE) vulnerability can allow a hacker to run malicious code. On the access points, an authentication bypass vulnerability can let an attacker access the device without needing its password.
Router models requiring a firmware upgrade are the Netgear Nighthawk Pro XR1000, XR1000v2, and XR500.
Wi-Fi access points that should get a firmware update are the Wi-Fi 6 WAX206, WAX220, and WAX214v2.
| Netgear model number | Patched firmware version |
|---|---|
| XR1000 | 1.0.0.74 |
| XR1000v2 | 1.1.0.22 |
| XR500 | 2.3.2.134 |
| WAX206 | 1.0.5.3 |
| WAX220 | 1.0.3.5 |
| WAX214v2 | 1.0.2.5 |

Netgear published an advisory for each vulnerability on February 1st. The company first recommends using one of its apps to perform the firmware updates. (For the routers, it would be the Netgear Nighthawk app.)
If your product is not supported by an app, you can use the manual process. All steps must be followed for the vulnerability to be mitigated:
Typically, firmware updates for networking gear are pretty easy to handle, and for some routers they’re automatic. You may only need to check your firmware number to confirm the fixes are in place. (Hopefully, you’re that lucky.)