NETGEAR is aware of a security vulnerability that can allow an unauthenticated attacker on the local area network to execute commands with administrator privileges on a WNR854T router.
This vulnerability affects the following products:
NETGEAR has released a firmware fix for this unauthenticated command execution vulnerability, firmware version 1.5.2. NETGEAR strongly recommends that all affected users download the latest firmware for their WNR854T router as soon as possible.
To download the latest firmware for your NETGEAR product:
- Visit https://www.netgear.com/support/product/WNR854T.aspx#download.
- Click the download whose title begins with Firmware Version.
- Click Release Notes.
- Follow the instructions in the release notes to download and install the new firmware.
The potential for unauthenticated command execution remains if you do not update your firmware. NETGEAR is not responsible for any consequences that could have been avoided by updating your firmware as recommended in this notification.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit https://bugcrowd.com/netgear.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
For all other issues, visit http://www.netgear.com/about/security/.
Last Updated:06/22/2017
|
Article ID: 000038833