Netgear: Nighthawk Pro gaming routers with malicious-code vulnerability
Netgear warns of code-injection vulnerabilities in Nighthawk Pro gaming routers. In addition, some routers that have reached the end of support have a security vulnerability.
The Nighthawk Pro XR1000 is one of the affected routers.
Internet routers from Netgear's Nighthawk Pro Gaming series have a security vulnerability that allows attackers to inject and execute malicious code. No login is required for this, which is why Netgear classifies the vulnerability as critical. Updates are available, which admins should apply immediately.
In a security announcement, Netgear warns that the XR500, XR1000 and XR1000v2 routers are vulnerable. The company has therefore released security updates to close the vulnerability. The new versions 2.3.2.134 for XR500, 1.0.0.74 for XR1000 and 1.1.0.22 for XR1000v2 no longer contain the flaws. Netgear strongly recommends downloading the new firmware as soon as possible. Netgear does not provide any further information on the vulnerability; the authors do not explain how attackers can exploit it. However, the firmware update is the only way to close the vulnerability (CVE-2025-25246, CVSS 9.8, risk “critical”). Mitre classifies the vulnerability as somewhat less serious, with a CVSS score of 8.1 as a “high” risk.
Vulnerability: Apply firmware updates quickly
On the Netgear support website, admins should enter the model number of their router in the search box and select their model from the drop-down menu that appears. Under “Downloads”, then “Current Version”, click on the title that begins with “Firmware Version”. On the page, click “Download” again to download the file. The firmware update should be easier with the Netgear apps, especially with the Netgear Nighthawk app for managing Nighthawk routers.
The older Netgear FVS336Gv2 and FVS336Gv3 routers have a security vulnerability that allows attackers to inject commands via Telnet. According to the vulnerability entry in the NIST database, attackers must be logged in to do so, but can then execute any commands with root privileges. All they have to do is send manipulated “util backup_configuration” commands (CVE-2024-23690, CVSS 7.2, high). As the routers have reached their end-of-life, there are no longer any security updates for them. Users should replace the devices with current ones that still receive manufacturer support.
On Thursday, it became known that several Zyxel routers whose support period has been over for years also have security vulnerabilities involving Telnet. Insecure default credentials can serve as a backdoor for attackers.
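As an added example (not from Netgear or from this article's author): a small Python inventory check that compares reported firmware against the fixed versions named above and flags the end-of-life FVS336G models for replacement. The inventory rows and the accepted version-string formats (a `V` prefix, a `_` build suffix) are constructed assumptions.

```python
import re

# Fixed firmware versions and end-of-life models as stated in the article.
FIXED = {"XR500": "2.3.2.134", "XR1000": "1.0.0.74", "XR1000V2": "1.1.0.22"}
EOL = {"FVS336GV2", "FVS336GV3"}  # CVE-2024-23690: no updates available


def parse_version(text):
    """Turn 'V1.0.0.72_1.0.57' or '1.0.0.74' into a comparable int tuple."""
    m = re.match(r"\s*[vV]?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def normalize_model(model):
    """Map spellings such as 'XR 500' or 'xr-1000v2' to 'XR500', 'XR1000V2'."""
    return re.sub(r"[\s\-_]", "", model).upper()


def assess(model, version):
    """Return 'replace', 'update', 'ok' or 'not-listed' for one device."""
    key = normalize_model(model)
    if key in EOL:
        return "replace"  # unsupported hardware, firmware version is irrelevant
    if key not in FIXED:
        return "not-listed"  # model is not mentioned in the article
    # Numeric tuple comparison: 1.1.0.9 sorts below 1.1.0.22, unlike strings.
    current, fixed = parse_version(version), parse_version(FIXED[key])
    return "ok" if current >= fixed else "update"


# Constructed inventory rows (model, reported firmware); not real devices.
INVENTORY = [
    ("XR500", "V2.3.2.130"),
    ("XR 1000", "1.0.0.74"),
    ("xr1000v2", "V1.1.0.9_1.0.3"),
    ("FVS336Gv3", "4.3.5-8"),
    ("R7000", "1.0.11.136"),
]


def report(rows):
    """Assess every inventory row and return (model, version, verdict)."""
    return [(model, version, assess(model, version)) for model, version in rows]


if __name__ == "__main__":
    for model, version, verdict in report(INVENTORY):
        print(f"{model:10} {version:18} {verdict}")
```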
(dmk)