WARNING: CRITICAL UNAUTHENTICATED RCE IN NETGEAR MODELS XR1000, XR1000V2, XR500, PATCH IMMEDIATELY!
CVE-2025-25246: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Bronnen
Risico’s
A flaw affects the firmware for Netgear models XR1000, XR1000v2 and XR500. An unauthenticated attacker could achieve remote code execution (RCE) by exploiting a flaw in the firmware.
Beschrijving
A malicious attacker could use this vulnerability to gain access to your network, steal data, intercept traffic, use your network to perform other malicious activities or pivot more profoundly into the network by compromising other systems.
Aanbevolen acties
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The versions below address the vulnerabilities:
- XR1000 fixed in firmware version 1.0.0.74
- XR1000v2 fixed in firmware version 1.1.0.22
- XR500 fixed in firmware version 2.3.2.134
The accompanying app can update some products:
- Orbi products: NETGEAR Orbi app
- NETGEAR Wi-Fi routers: NETGEAR Nighthawk app
- Some NETGEAR Business products: NETGEAR Insight app
Monitor/Detect
The CCB recommends that organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.