Quick remediation of Netgear router vulnerabilities urged

BleepingComputer reports that immediate patching has been urged by Netgear for a pair of security flaws affecting its Wi-Fi 6 routers.

First of the addressed vulnerabilities is a stored cross-site scripting bug in Netgear's XR1000 Nighthawk gaming router, tracked as PSV-2023-0122, which could be leveraged to facilitate user session hijacking, malicious site redirections, and sensitive data exfiltration. Meanwhile, the other is an authentication bypass issue impacting CAX30 Nighthawk AX6 6-Stream cable modem routers, tracked as PSV-2023-0138, which could be exploited to enable unauthorized admin interface access and potential device takeovers. Organizations have been recommended to download the latest firmware versions of the affected router models through the Netgear Support site, with the company dismissing any responsibility for future device compromise stemming from the absence of patches following the advisory. Such a development comes a month after end-of-life Netgear routers were found to be impacted by six flaws, which the firm no longer patched.