Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Netgear fixes a critical RCE that could allow to takeover Flagship Nighthawk routers

Netgear is warning users of a critical remote code execution flaw that could allow an unauthenticated attacker to take control of its wireless routers. Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. […]

Netgear

Netgear is warning users of a critical remote code execution flaw that could allow an unauthenticated attacker to take control of its wireless routers.

Netgear has addressed a critical remote code execution vulnerability that could be exploited by an unauthenticated attacker to take over AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68.

The advisory published by the vendor also includes two high-severity issues affecting Nighthawk routers, 21 medium-severity flaws, and one low-severity vulnerability.

The critical vulnerability, tracked as PSV-2019-0076, affects Netgear Nighthawk X4S Smart Wi-Fi Router (R7800) family.

“NETGEAR has released fixes for a unauthenticated remote code execution security vulnerability on the following product models:

  • R7800, running firmware versions prior to 1.0.2.68

NETGEAR strongly recommends that you download the latest firmware as soon as possible.” reads the advisory published by the vendor.”

The company did not disclose technical details of the vulnerability, it only recommended to apply the necessary patches.

Netgear also addressed a high-severity flaw in several Netgear routers, the vendor tracked the flaw as PSV-2018-0352. The vulnerability is a post-authentication command injection issue and impacts Nighthawk (R7800) routers running firmware prior to version 1.0.2.60.

The PSV-2018-0352 flaw affects tens of routers, including D6000, R6000, R7000, R8000, R9000 and XR500 family of Netgear hardware.

Netgear

This week, the vendor also issued a security bulletin for the PSV-2019-0051 vulnerability, a pre-authentication command injection security issue that affects the following models:

  • R6400v2, running firmware versions prior to 1.0.4.84
  • R6700, running firmware versions prior to 1.0.2.8
  • R6700v3, running firmware versions prior to 1.0.4.84
  • R6900, running firmware versions prior to 1.0.2.8
  • R7900, running firmware versions prior to 1.0.3.10
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

[adrotate banner=”5″]

[adrotate banner=”13″]