Beleaguered Netgear released firmware updates for some of its routers and switches to fix multiple vulnerabilities.
In an advisory, Netgear said there was a buffer overflow vulnerability that can end up exploited by a remote attacker to bypass authentication and execute arbitrary commands.
The flaw, discovered by Maxime Peterlin of ON-X, affects WNR2000v3, WNR2000v4, WNR2000v5 and R2000 routers. Firmware updates that patch the vulnerability are available for all impacted models.
Netgear said an attacker can exploit the weakness if he or she has access to the network hosting the device, or if the router has the remote management feature enabled. This feature is disabled by default.
A separate advisory mentions a vulnerability affecting some of the company’s smart and managed switches. The flaw allows an unauthenticated attacker to access a debugging URL from where they can execute arbitrary commands, including resetting and rebooting the switch.
An attack can end up launched remotely if the switch is remotely accessible. However, Netgear said most users have firewalls in place that should prevent exploitation.
The security hole affects nearly three dozen switches, including FS, GS, M, S and XS models. Firmware updates that patch the flaw are available for most of the impacted devices.