V2.3.2.32 Important security fixes!


Guest Killhippie

For anyone who has not updated or has downgraded, Netgear has published a list of vulnerabilities fixed in 2.3.2.32: there are three stack overflow vulnerabilities and one authentication bypass. All carry a CVSS (The Common Vulnerability Scoring System) rating of High, which is meant to show what needs patching first, so the higher the number the greater the priority, and a CVSS score, which tells you how bad the vulnerability is. 8 and above is severe, and all of the vulnerabilities in firmware lower than 2.3.2.32 are high risk, carry an 8.8 severity rating and should be patched ASAP.

To give an example, an authentication bypass could let hackers gain access to your router if you have remote access enabled, for instance, but sometimes they can do it without that being enabled; it depends on the vulnerability in question (I think the Nighthawk app needs remote access to work, but I'm not 100% sure). They can then bypass your security questions and passwords and have full access to files and passwords and certain connected devices. That's not good news at all, as your router is your first line of defence for most people.

Netgear also give a warning about this: "Vulnerabilities remains if you do not complete all recommended steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification". So basically, if you don't update your router and it gets pwned, it's your fault!

Here is the list of patched issues in v2.3.2.32. As I mentioned, all are high priority and have an 8.8 severity rating, so these should be patched with the current firmware update to protect your hardware.



https://kb.netgear.com/000060243/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0309

https://kb.netgear.com/000060242/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0312

https://kb.netgear.com/000060241/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0313

https://kb.netgear.com/000060240/Security-Advisory-for-Authentication-Bypass-on-XR500-PSV-2018-0324


  • Administrators

Thanks for posting this, KillHippie.

It's worth noting that unless you specifically disabled auto upgrade on your router then your router will have probably automatically upgraded to this version by now. That's why it is a good idea to keep it enabled. If you don't have the latest version you can get it from here: https://kb.netgear.com/000060127/XR500-Firmware-Version-2-3-2-32


Archived

This topic is now archived and is closed to further replies.
