Netgear Patches Routers and Switches

Netgear released security advisories addressing two vulnerabilities affecting a number of its routers and switches. The first is a buffer overflow vulnerability, PSV-2016-0261, affecting WNR2000v3, WNR2000v4, WNR2000v5, and R2000 routers that could allow a remote hacker to bypass authentication and execute arbitrary commands. This can only be exploited by a malicious actor with access to the network hosting the device or if the router has the remote management feature enabled, which is disabled by default. The second is a vulnerability, PSV-2017-0857, affecting multiple models and versions of Smart and Managed Switches that could allow an unauthenticated hacker to access a debugging URL and execute arbitrary commands. Additionally, a remote hacker could access the switch if it is remotely accessible and lacks a firewall. The NJCCIC recommends all users and administrators review Netgear’s two security advisories and apply the necessary updates.