Owners of Netgear routers including Orbi systems and several Nighthawk models should check if their firmware is the latest version available as soon as possible. The company issued two dozen security alerts in a single day this week, warning users about a wide range of patched vulnerabilities affecting many different router models, range extenders, and Wi-Fi systems. Netgear doesn’t offer detailed information on how attackers exploit the vulnerabilities it patched, but the company’s alerts label the nature of each one. Their level of severity ranges between medium, high, and critical. Two of the alerts involve pre-authentication buffer overflow vulnerabilities. Bleeping Computer writes that successful pre-authentication buffer overflow attacks could result in crashes or arbitrary code execution. They’re potentially dangerous because they don’t involve tricking a router’s owner into doing anything. Netgear lists one of these vulnerabilities as high-priority.
Almost half of Netgear’s alerts from this week are for post-authentication command injection vulnerabilities. These require an attacker to gain authentication to enter the system but could let them execute root-level commands once they’re in. The other vulnerabilities could allow authentication bypass, denial of service attacks, and could leak sensitive information. One alert is for security misconfiguration. Netgear rates at least one alert as critical. In each alert, Netgear has a list of affected firmware versions and devices large enough that just about anyone with recent Netgear equipment should check their firmware. The right side of each page also includes directions for checking each product’s model number. The easiest way to update a Netgear device’s firmware is through one of the company’s mobile apps: the Nighthawk app for Nighthawk products, the Orbi app for Orbi systems, and the Insight app for some business devices. To update firmware over the web, head to the Netgear support page. Start typing your model number and a drop-down list should appear. Click on your model number if it appears in the list, then click “downloads.” Under “Current Versions,” click on the download with a title beginning with “Firmware Version,” then click “Download.” Netgear also includes directions in product manuals, product support pages, and firmware release notes.