Vulnerability in Netgear router allows external access

Tenable news

Share post

Tenable has discovered a vulnerability in a new NETGEAR router. The popular WiFi 6 router is known for its large area coverage and is also used by micro-businesses. The router can be reached from the outside with an old firmware via IPv6.

Tenable's ZeroDay research team found a network misconfiguration in the NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400) working with firmware up to v1.0.7.78. The new update with firmware V1.0.9.90 fixes the security problem.

External attack via IPv6 possible

The bug inadvertently allowed unrestricted communication with all services listening over IPv6 on the device's WAN (internet-facing) port. This misconfiguration allows arbitrary access to any services running on the device and could potentially allow attackers to communicate with these devices from the Internet as if they were on the consumer's local network.

NETGEAR has released a patch about its auto-update feature. However, if the router is still working with firmware V1.0.6.74, then the automatic update function of the device does not seem to recognize that updates beyond V1.0.6.74 are available. Those consumers who rely on these devices' automatic update or "check for updates" mechanisms remain vulnerable to this issue, unless they manually apply the new patch.

More at Tenable.com

 


About Tenable

Tenable is a Cyber ​​Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.


 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more