
NETGEAR has recently issued security advisories addressing critical vulnerabilities in several of its WiFi router and access point models.
The first advisory, PSV-2023-0039, warns of an unauthenticated remote code execution (RCE) vulnerability (CVE-2025-25246) affecting the XR1000, XR1000v2, and XR500 routers. This vulnerability could allow an attacker to take complete control of the affected device without needing any login credentials. NETGEAR has assigned a CVSS score of 9.8, indicating a critical severity level.
Impacted Router Models and Fixed Firmware Versions:
- XR1000 – Fixed in firmware 1.0.0.74
- XR1000v2 – Fixed in firmware 1.1.0.22
- XR500 – Fixed in firmware 2.3.2.134
The second advisory, PSV-2024-0117, details an authentication bypass vulnerability impacting the WAX206, WAX220, and WAX214v2 access points. This flaw could permit an unauthorized user to bypass authentication and gain access to the device’s administrative interface. This vulnerability also carries a critical CVSS score of 9.6.
Impacted Access Point Models and Fixed Firmware Versions:
- WAX206 – Fixed in firmware 1.0.5.3
- WAX220 – Fixed in firmware 1.0.3.5
- WAX214v2 – Fixed in firmware 1.0.2.5
NETGEAR has released firmware updates to address these vulnerabilities and strongly advises users to install the latest firmware versions as soon as possible.
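As an added example (not NETGEAR's code and not part of the original article), the following script audits a device inventory against the fixed firmware versions listed above, comparing version components numerically rather than as strings. The inventory rows and host names are constructed, and the tolerated `V` prefix and `_` suffix in reported version strings are assumptions about how a device may display its firmware version.

```python
import csv
import io

# Fixed firmware per model, copied from the two advisory lists on this page.
FIXED = {
    "XR1000": ("PSV-2023-0039", "1.0.0.74"),
    "XR1000V2": ("PSV-2023-0039", "1.1.0.22"),
    "XR500": ("PSV-2023-0039", "2.3.2.134"),
    "WAX206": ("PSV-2024-0117", "1.0.5.3"),
    "WAX220": ("PSV-2024-0117", "1.0.3.5"),
    "WAX214V2": ("PSV-2024-0117", "1.0.2.5"),
}

def parse_version(text):
    """Parse '1.0.0.74', 'V1.0.0.74' or '1.0.0.74_x.y' (assumed forms) into ints."""
    core = text.strip().lstrip("Vv").split("_")[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)  # numeric, so 1.0.0.9 < 1.0.0.74

def audit(inventory_csv):
    """Return (host, model, installed, status, advisory) for each inventory row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, model, installed = row["host"], row["model"].strip().upper(), row["firmware"]
        if model not in FIXED:
            findings.append((host, model, installed, "not-listed", None))
            continue
        advisory, fixed = FIXED[model]
        try:
            ok = parse_version(installed) >= parse_version(fixed)
            status = "patched" if ok else "VULNERABLE"
        except ValueError:
            status = "unknown-version"  # flag for manual review, never assume patched
        findings.append((host, model, installed, status, advisory))
    return findings

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE = """host,model,firmware
gw-lab,XR1000,V1.0.0.9
gw-home,XR1000v2,1.1.0.22
ap-floor2,WAX206,1.0.5.3_1.0.1
ap-floor3,WAX214v2,1.0.2.4
gw-old,R7000,1.0.11.100
ap-lobby,WAX220,unknown
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

A plain string comparison would rank `1.0.0.9` above `1.0.0.74` and report the first sample device as patched, which is why the versions are compared as integer tuples.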
To update your NETGEAR device’s firmware:
- Visit NETGEAR Support.
- Enter your model number in the search box and select your model from the drop-down menu.
- Click Downloads.
- Under Current Versions, select the download that starts with Firmware Version.
- Click Download.
- Follow the instructions in your product’s user manual, firmware release notes, or product support page to install the new firmware.
It is crucial to keep your network devices updated with the latest firmware to protect yourself from potential cyberattacks.