The Register: Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge

Feb 5, 2025

—

Source URL: https://www.theregister.com/2025/02/05/netgear_fixes_critical_bugs_while/
Source: The Register
Title: Netgear fixes critical bugs as Five Eyes warn about break-ins at the edge

Feedly Summary: International security squads all focus on stopping baddies busting in through routers, IoT kit etc
Netgear is advising customers to upgrade their firmware after it patched two critical vulnerabilities affecting multiple routers.…

AI Summary and Description: Yes

**Summary:** Netgear has issued a stern warning for users to update their router firmware due to critical vulnerabilities that could lead to severe attacks. The combination of these vulnerabilities has garnered attention from national security agencies, highlighting the broader issue of edge device security amid increasing cyber threats.

**Detailed Description:**
The article discusses recent security vulnerabilities affecting multiple models of Netgear routers, which have prompted a warning for users to upgrade their firmware:

– **Vulnerabilities Identified:**
– Two critical vulnerabilities rated with high severity:
– **Authentication Bypass Bug (PSV ID: 2024-0117)**: CVSS score of 9.6
– **Unauthenticated Remote Code Execution (RCE) Flaw (PSV ID: 2023-0039)**: CVSS score of 9.8
– Vulnerable models include both current and end-of-life devices, indicating a wide-ranging impact.

– **Importance of Edge Devices:**
– Edge devices like routers and access points can serve as entry points for attackers into networks.
– National security agencies from multiple countries (U.S., U.K., Canada, Australia, etc.) have issued coordinated guidelines to enhance the security of such devices.

– **Recommendations from Agencies:**
– The guidelines emphasize:
– Enhanced logging
– Forensic data gathering
– The intention is to provide manufacturers and users with the necessary tools to prevent and investigate cyber intrusions, ensuring robust defense against potential attacks.

– **Call for Action:**
– Security leaders have stressed the need for organizations to prioritize the security of edge devices as they scale up, especially to protect critical services and sensitive data.
– The cooperation of international security agencies highlights the urgency and widespread nature of the threats faced by organizations today.

This situation underlines the critical need for continuous firmware updates and improved security practices for edge devices to enhance overall network security. It serves as a reminder for organizations to bake security into their operational frameworks and stay abreast of evolving threats in the cybersecurity landscape.

01 1 2 2024 3 4 5 7 a access access points Act after AI and art as attack attackers attacks Australia authentication Authentication Bypass Bug bugs by bypass C Canada CIA code code execution cooperation core critical Current Customer CVSS cyber cyber intrusions cyber threat cyber threats Cybersecurity cybersecurity landscape D data data gathering day de defense device security e edge Edge Devices end event evolving threats execution face fact firmware firmware update firmware updates Five Eyes for framework frameworks g Gen GIS grade gs guidelines high high severity Highlight HR http HTTPS in inter intern International Security IoT k l land law led life logging model models multi nation national security national security agencies Netgear network network security networks o of on operation organization organizations out over Patch point potential pre prompt R rate RCE red Remote Code Execution Ro routers s Scale sec security Security Agencies security landscape security practices Security Vulnerabilities sensitive data service services severity source SSE STIG T the threat threats to tool tools TP trie two U.S. UI unauthenticated up update updates upgrade US use user Users uth V vulnerabilities Wi x