Netgear has released emergency firmware updates patching two critical, zero-interaction vulnerabilities in six router models — three Wi-Fi 6 business access points and three Nighthawk Pro Gaming routers. Both flaws are exploitable without any authentication or user action, making them high-priority targets for network-level attackers. Netgear’s official security advisory is published at netgear.com/about/security.
Two Vulnerabilities: RCE and Authentication Bypass
PSV-2023-0039 is a remote code execution (RCE) vulnerability that allows an unauthenticated attacker to execute arbitrary code on the device — effectively gaining full control of the router’s operating system, routing table, and connected network. PSV-2021-0117 is an authentication bypass that allows an attacker to access the router administration interface without credentials. Chained together, the two let an attacker on the local network or, depending on configuration, from the internet bypass authentication and then execute code. No CVE identifier had been assigned to either flaw as of this writing, as Netgear tracks issues under its own PSV numbering; check the NVD database for updated CVE mappings.
Affected Models: WAX and XR Series
The six confirmed vulnerable models are:
- WAX206 (Wi-Fi 6 business access point)
- WAX214v2 (Wi-Fi 6 business access point)
- WAX220 (Wi-Fi 6 business access point)
- XR1000 (Nighthawk Pro Gaming router)
- XR1000v2 (Nighthawk Pro Gaming router)
- XR500 (Nighthawk Pro Gaming router)
WAX-series devices are commonly deployed in small business and branch office environments. XR-series routers are predominantly in home and enthusiast use. Both deployment contexts face the same exploitation risk.
Patching WAX and XR Routers Against PSV-2023-0039 and PSV-2021-0117
- Log in to your router’s admin interface (typically 192.168.1.1 or the address printed on the device label) and navigate to Firmware Update under Advanced settings.
- Apply the latest available firmware — Netgear’s advisory page lists the specific patched version for each model. Confirm the installed version matches or exceeds the patched release before proceeding.
- If your model supports automatic firmware updates, enable the feature to reduce the window for future unpatched vulnerabilities.
- Disable remote management (WAN-side admin access) unless it is specifically required for your setup — both vulnerabilities are more easily exploited when the admin interface is internet-facing.
- Change the default admin password to a unique, strong credential; authentication bypass vulnerabilities are substantially more dangerous when default credentials remain in place.
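For anyone responsible for more than a handful of these devices, the checks above are easier to apply from an inventory than by logging in to each router. The following script is an added example, not Netgear's code: it matches inventory entries against the six affected models (treating hardware revisions such as XR1000v2 as distinct from XR1000), compares installed firmware against the patched release the caller supplies from the advisory, and raises the priority of any affected unit with WAN-side admin access enabled. The `patched` mapping, the inventory format and the sample versions are assumptions constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# The six models named in the advisory, in canonical form (upper-case, no spaces).
AFFECTED_MODELS = {"WAX206", "WAX214V2", "WAX220", "XR1000", "XR1000V2", "XR500"}


def normalize_model(model: str) -> Optional[str]:
    """Map vendor strings such as 'wax 206' or 'Nighthawk XR1000v2' onto the
    affected-model list; longest match wins so XR1000v2 is never reported as XR1000."""
    m = re.sub(r"\s+", "", model or "").upper()
    matches = [k for k in AFFECTED_MODELS if k in m]
    return max(matches, key=len) if matches else None


def parse_version(v: Optional[str]) -> Tuple[int, ...]:
    """Reduce a Netgear-style firmware string like 'V1.0.4.120_1.0.1' to a tuple of
    ints for ordering; an empty or unknown version parses to () and sorts lowest."""
    return tuple(int(x) for x in re.findall(r"\d+", v or ""))


def triage(inventory: List[Dict], patched: Dict[str, str]) -> List[Dict]:
    """One finding per device that is an affected model and is below the fixed
    release (or has no known version). `patched` maps canonical model -> minimum
    patched firmware, copied by the caller from Netgear's advisory page."""
    findings = []
    for dev in inventory:
        model = normalize_model(dev.get("model", ""))
        if model is None:
            continue  # not one of the six models in the advisory
        installed = parse_version(dev.get("firmware"))
        required = parse_version(patched.get(model))
        if installed and required and installed >= required:
            continue  # already on or above the patched release
        wan_admin = bool(dev.get("remote_mgmt"))
        findings.append({
            "host": dev.get("host"), "model": model,
            "installed": dev.get("firmware"), "required": patched.get(model),
            # Unauthenticated flaws matter most when the admin UI is internet-facing.
            "priority": "critical" if wan_admin else "high",
            "actions": ["update firmware"] + (["disable remote management"] if wan_admin else []),
        })
    return findings


# Constructed sample data for a stand-alone run; versions are illustrative only.
SAMPLE_PATCHED = {"WAX206": "V1.0.4.0", "XR1000V2": "V1.1.0.0", "XR500": "V2.3.2.0"}
SAMPLE_INVENTORY = [
    {"host": "ap-branch-01", "model": "WAX206", "firmware": "V1.0.3.9", "remote_mgmt": False},
    {"host": "ap-branch-02", "model": "wax 206", "firmware": "V1.0.4.0_2.0", "remote_mgmt": True},
    {"host": "gw-home-01", "model": "Nighthawk XR1000v2", "firmware": "V1.0.9.5", "remote_mgmt": True},
    {"host": "gw-home-02", "model": "XR500", "firmware": "", "remote_mgmt": False},
    {"host": "ap-lobby", "model": "WAX610", "firmware": "V1.0.0.1", "remote_mgmt": True},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, SAMPLE_PATCHED):
        print(finding)
```

A device with no recorded firmware version is reported rather than skipped, since an unknown version on an affected model is exactly the case that needs a manual check.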
Netgear has not disclosed whether these vulnerabilities are being actively exploited in the wild. Given that both are zero-interaction critical flaws in widely deployed devices, firmware patching should be treated as urgent regardless of exploitation status.