Microsoft researchers discovered firmware flaws in the DGN-2200v1 series router that can enable an authentication bypass to take over devices and access stored credentials.
Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials.
Netgear tracks the vulnerabilities as PSV-2020-0363, PSV-2020-0364 and PSV-2020-0365; they range in CVSS rating from high (7.4) to critical (9.4).
Recommendations
NETGEAR strongly recommends that you download the latest firmware as soon as a firmware update or firmware hotfix is available for your product.
References
- Security Advisory for Multiple HTTPd Authentication Vulnerabilities on DGN2200v1
- Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
CVE-2020-35785