Thursday 1 July 2021
The impact of this issue announcement is high. Please act accordingly to rectify the issue, as stated below.
What you need to know:
Microsoft researchers have disclosed new critical vulnerabilities involving Netgear DGN2200v1 series routers, which they claim could be an access point for identity theft leading to full system compromise. Following the release of patches in a coordinated vulnerability disclosure (CVD) last December, mitigations for the hardware and its counterparts are once again being highlighted in light of observed imminent firmware related attacks.
Routers running firmware versions prior to v18.104.22.168
Actions to be taken:
Users are advised to check Netgear’s knowledgebase on HTTPd Authentication Vulnerabilities and available patches at https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1