Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models.

A remote attacker could exploit these vulnerabilities to hijack user sessions, redirect users to malicious sites or display fake login forms, and steal restricted information.

NETGEAR has released fixes for a cross site scripting security vulnerability and authentication bypass security vulnerability on the following product models:

• NETGEAR Nighthawk XR1000 router - fixed in firmware version 1.0.0.72 - PSV-2023-0122
• NETGEAR Nighthawk CAX30 router - fixed in firmware version 2.2.2.2 – PSV-2023-0138.

Netgear strongly recommends customers to download the latest firmware for their devices as soon as possible.

More information on vulnerabilities and updates is available in Netgear security advisories – netgear.com.

Source: bleepingcomputer.com