Guest Killhippie
Posted September 27, 2018

For anyone who has not updated or has downgraded, Netgear has published a list of vulnerabilities fixed in 2.3.2.32. There are three stack overflow vulnerabilities and one authentication bypass. All carry a CVSS (The Common Vulnerability Scoring System) rating of High, which is meant to show what needs patching first, so the higher the number the greater the priority, and a CVSS score, which tells you how bad the vulnerability is. 8 and above is severe, and all of the vulnerabilities in firmware lower than 2.3.2.32 are high risk, carry an 8.8 severity rating and should be patched asap.

To give an example, an authentication bypass could let hackers gain access to your router if you have remote access enabled, for instance, but sometimes they can do it without that being enabled; it depends on the vulnerability in question (I think the Nighthawk app needs remote access for this to work, but I'm not 100% sure). They can then bypass your security questions and passwords and have full access to files and passwords and certain connected devices. That's not good news at all, as your router is your first line of defence for most people. Netgear also give a warning about this.

"Vulnerabilities remains if you do not complete all recommended steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification"

So basically, if you don't update your router and it gets pwned, it's your fault!

Here is the list of patched issues in v2.3.2.32. As I mentioned, all are high priority and have an 8.8 severity rating, so these should be patched with the current firmware update to protect your hardware.

https://kb.netgear.com/000060243/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0309
https://kb.netgear.com/000060242/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0312
https://kb.netgear.com/000060241/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-XR500-PSV-2018-0313
https://kb.netgear.com/000060240/Security-Advisory-for-Authentication-Bypass-on-XR500-PSV-2018-0324

Netduma Fraser (Administrators)
Posted September 27, 2018

Thanks for posting this KillHippie. It's worth noting that unless you specifically disabled auto upgrade on your router then your router will have probably automatically upgraded to this version by now. That's why it is a good idea to keep it enabled.

If you don't have the latest version you can get it from here: https://kb.netgear.com/000060127/XR500-Firmware-Version-2-3-2-32

This topic is now archived and is closed to further replies.