Netgear urges users to update popular router models to address vulnerability

Network hardware giant Netgear is urging users to update several router models to address a vulnerability that cybersecurity experts say could allow hackers to install malware or carry out a number of other malicious activities.

In an advisory last week, the company said the it “released fixes for a pre-authentication buffer overflow security vulnerability” referred to as CVE-2022-48196 affecting several types of popular routers.

“NETGEAR strongly recommends that you download the latest firmware as soon as possible,” the company said, adding that users should visit NETGEAR Support, type their model number into the search box and download the most current version of firmware. 

“The pre-authentication buffer overflow vulnerability remains if you do not complete all recommended steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.”

The bug has a CVSS score of 7.4 and Netgear said it expects to update the advisory as new information becomes available.

Vulcan Cyber’s Mike Parkin said issues related to buffer overflow could lead from a simple denial of service attack, to being able to run arbitrary code on the target.  

Other experts like Keeper Security vice president Patrick Tiquet told The Record that hackers use methods like a pre-authentication buffer overflow to gain control of a router and from there can carry out a number of malicious activities including identity theft, install malware, and reroute the user to fake websites to steal credentials or financial information. 

He noted that for anyone who manages their home WiFi with one of the affected devices, it is important to make sure it is up-to-date with the latest firmware and patches.

John Bambenek, principal threat hunter at Netenrich, noted that some of the vulnerable routers are ones currently being sold by Netgear. 

“Even so, if you got 100 owners of these devices together and asked them if they’ve updated, 99 would say no and the other is lying,” Bambenek said. 

“These devices get placed online and are forgotten after they are unboxed which means with this vulnerability there are building blocks to get them into a botnet like Mirai.”