Netgear Nighthawk (routers)

Models

• Netgear Nighthawk X4
• Netgear Nighthawk AC1900 WiFi Range Extender

Chronicle

2022: Netgear acknowledges existence of critical holes in Nighthawk routers

On December 28, 2022, Netgear released a software update for a number of its Wi-Fi routers: the update fixes a dangerous vulnerability that could be exploited by cybercriminals, including for the purpose of organizing DDoS attacks.

Netgear Nighthawk Pro Gaming Router XR500

The PSV-2019-0208 security bulletin reports that the problem is related to a buffer overflow before authentication. Netgear does not disclose details about the vulnerability and does not say what consequences its use by cybercriminals can lead to. However, information security experts say such "holes" theoretically allow hackers to gain control of the router. After that, a variety of malicious actions can be performed, including stealing personal data, installing malware and redirecting the user to fake websites to steal account or financial information.

It is known that the problem affects nine Wi-Fi routers from the Wireless AC Nighthawk, Wireless AX Nighthawk (Wi-Fi 6) and Wireless AC series. Netgear strongly recommends that owners of all vulnerable devices download the firmware update as soon as possible.

The buffer overflow vulnerability remains before authentication if you do not follow all the recommended steps. Netgear is not responsible for any consequences that could be avoided by following the recommendations set out in the notice, the security bulletin says.

However, IT experts note that most users usually ignore such recommendations. According to experts at Netenrich, devices like routers are placed on the network and forgotten after unpacking, meaning there is a possibility of attacks or botnets.^[1]

Notes