Your Netgear router could be a vulnerability for hackers.

      Netgear has issued a security advisory regarding two critical vulnerabilities that impact Nighthawk Pro Gaming routers as well as specific Wi-Fi 6 access points. The company strongly urges users to promptly update their devices' firmware to reduce potential risks.

      The first vulnerability, designated as PSV-2023-0039, is a Remote Code Execution (RCE) flaw. This issue enables attackers to execute arbitrary code on affected devices from a distance, which could result in unauthorized control over the router. The second vulnerability, PSV-2021-0017, involves an authentication bypass flaw that allows hackers to bypass authentication mechanisms and gain unauthorized access to the management interface of the device.

      The models affected include the Nighthawk Pro Gaming Routers, specifically the XR1000, XR1000v2, and XR500, along with Wi-Fi 6 Access Points like the WAX206, WAX220, and WAX214v2.

      Firmware updates have been released to rectify these vulnerabilities. If you possess any of the mentioned products, it is highly recommended to download and install the latest firmware versions for your specific devices. Comprehensive instructions for updating the firmware can be found on Netgear’s official support page.

      Routers are prime targets for cyberattacks because they act as the primary gateway between the internet and home or business networks. They are always connected, making them a continuous attack point for hackers. Many routers come with weak default security settings, such as easily guessable credentials and outdated firmware, which users frequently fail to update. Attackers take advantage of these vulnerabilities to gain control of the router, allowing them to monitor internet traffic, initiate further attacks, or redirect users to harmful websites. Moreover, unsecured remote access features can enable hackers to take over routers from anywhere in the world.

      Once compromised, routers can be exploited for a variety of malicious activities, including botnet recruitment, DNS hijacking, and man-in-the-middle attacks. Cybercriminals can leverage them to intercept sensitive information, access IoT devices, and even use them as launching pads for large-scale cyberattacks like DDoS attacks.

      Because many users are unaware of the security risks associated with routers, these devices often go unpatched and vulnerable for long periods. To minimize risk, users should regularly update firmware, change default credentials, disable unnecessary remote management features, and enable robust encryption to secure their networks.

      Kunal Khullar contributes as a computing writer at Digital Trends, covering a range of topics, including CPUs, GPUs, monitors, and more.

      In a related note, Microsoft recently documented the largest DDoS attack ever recorded against a Microsoft Azure server in Asia. They shared insights into rising trends regarding DDoS attacks targeting their servers. They reported that, at one point, they thwarted a DDoS attack reaching a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps). This attack originated from 10,000 sources across various countries, including China, South Korea, Russia, Iran, and Taiwan, and lasted for 15 minutes. Notably, this was not the first attack of its kind, with two additional incidents in December recorded at 3.25 Tbps and 2.55 Tbps in Asia.

      Cloudflare has also published a report titled "DDoS Attack Trends for Q4 2021," revealing a significant increase in DDoS attacks in 2021. Ransom distributed denial of service (DDoS) attacks surged by over 175 percent quarter over quarter, underscoring the severity of the issue highlighted by Cloudflare.

      On another note, if you appreciate the design and performance of Netgear's renowned wing-shaped Nighthawk routers, you might be interested in the newly unveiled Nighthawk RAXE300. This Wi-Fi 6E router, announced prior to CES this year, is a more affordable alternative to the premium RAXE500, which is one of our preferred gaming routers currently available. Like the RAXE500, the RAXE300's incorporation of Wi-Fi 6E is expected to enhance performance through additional spectrum, more high-bandwidth channels, and reduced interference with lower latency, according to Netgear.