When it comes to network equipment and enterprise gear, given that they are the first defense wall between incoming network traffic and the operating system, it is crucial to patch any vulnerabilities as quickly as possible to avoid any exploits leading to malicious actors breaking in. Especially because a lot of machines can be linked to this hardware equipment, security issues put them and the users at direct risk of malicious actors.

About NETGEAR

NETGEAR is a multi-billion dollar computer networking company established in 1996, that operates multi-nationally. NETGEAR’s products and solutions are sold in an estimated 24,000 retail locations worldwide. The company produces widely used networking equipment such as; switches, routers, gateways, wireless access points, surveillance, and NAS (Network Attached Storage) products.

The NETGEAR Router Series Operating System Software Vulnerability

Both the public CVE (Common Exposures and Vulnerabilities) software vulnerability database as well as private sources have reported a software vulnerability issue with the NETGEAR ‘Smart Switches’. The vulnerability was marked as critical. The issue affects several versions of the NETGEAR router operating system (OS.) The issue portrays weak authentication in unpatched software. In addition, a remote attack can easily be launched by a malicious actor due to the authentication weaknesses and issues with unknown functionality of the HTTP Authentication Handler component. These issues impact confidentiality, integrity, and availability.

Technical Details

The vulnerability type was reported as an improper authentication issue affecting HTTP authentication. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available at the moment.

Vulnerable Software Devices

Important User Information

Users need to know that a fix has been released in the meantime. The fix can be found in NETGEAR’s Security Advisory section.

NETGEAR Router Operating System Software Vulnerability - 98NETGEAR Router Operating System Software Vulnerability - 50NETGEAR Router Operating System Software Vulnerability - 11NETGEAR Router Operating System Software Vulnerability - 96