Netgear networking company released patches for more than 50 vulnerabilities affecting its routers, network switches, network-attached storage (NAS) devices and wireless access points.
Netgear warned users about vulnerabilities in various ReadyNAS devices (R7800, R9000), routers (WNR2000v5) and other company’s products.
The discovered vulnerabilities could allow remote code execution, implementation of various commands, bypass authentication and could provide administrator credentials. Some vulnerabilities were associated with an incorrect configuration of security settings or allowed to perform an XSS attack. A full list of vulnerabilities and affected devices is available on the company’s website.
Most number of fixed vulnerabilities have been detected in network switches. Some of the vulnerabilities could allow to modify user privileges and to perform XSS or DoS attacks.
Vulnerabilities were discovered by both Netgear staff and third-party security researchers participating in company’s reward program. The bounty program, which was launched in January 2017, offers a maximum reward of $15,000 for detected vulnerabilities. The participating researchers already found more than 270 vulnerabilities.
Netgear is the global networking company that produces devices for small and medium enterprises and home users.