Netgear Patches Pwn2Own Exploits with Last-Minute Nighthawk Router Patches


Last week, Netgear released hotfixes for Nighthawk RAX30 (AX2400) routers to correct a network configuration error that might have given a remote attacker unrestricted access to services meant for the local network.

The bug existed because the WAN interface of these devices had IPv6 enabled by default, but the access restrictions applied to IPv4 traffic were not applied to IPv6 traffic. As a result of this configuration error, services running on the router that may unintentionally be listening via IPv6, such as SSH and Telnet on ports 22 and 23, may be reachable from the internet.
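The IPv4/IPv6 filtering mismatch described above can be audited by comparing the two rulesets against the list of listening services. The following is an added example, not code from Netgear or Tenable; it assumes Linux netfilter rules in `iptables-save` format, a hypothetical WAN interface named `eth0`, and constructed rules and listeners.

```python
import shlex

WAN_IF = "eth0"  # assumed WAN interface name (hypothetical)

# Constructed iptables-save / ip6tables-save excerpts, not from any real device.
IPV4_RULES = """\
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -j DROP
"""
IPV6_RULES = """\
:INPUT ACCEPT [0:0]
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""
# Constructed listeners as (port, bind address), as `ss -tln` would list them.
LISTENERS = [(22, "::"), (23, "::"), (443, "::"), (53, "127.0.0.1")]

def verdict(rules, iface, port):
    """First-match INPUT verdict for a NEW inbound TCP connection."""
    policy = "ACCEPT"
    for line in rules.splitlines():
        if line.startswith(":INPUT"):
            policy = line.split()[1]
        if not line.startswith("-A INPUT"):
            continue
        tok = shlex.split(line)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-i", iface) != iface or opt.get("-p", "tcp") != "tcp":
            continue
        if "--dport" in opt and int(opt["--dport"]) != port:
            continue
        if "NEW" not in opt.get("--ctstate", "NEW").split(","):
            continue  # rule only matches already-established flows
        if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return "ACCEPT" if opt["-j"] == "ACCEPT" else "DROP"
    return policy

def parity_gaps(v4_rules, v6_rules, listeners, iface=WAN_IF):
    """Ports dropped on the WAN over IPv4 but accepted over IPv6."""
    gaps = []
    for port, addr in listeners:
        v6_bound = addr == "*" or (":" in addr and addr != "::1")
        if (v6_bound and verdict(v4_rules, iface, port) == "DROP"
                and verdict(v6_rules, iface, port) == "ACCEPT"):
            gaps.append(port)
    return sorted(gaps)

if __name__ == "__main__":
    print("IPv6-only exposure on WAN:", parity_gaps(IPV4_RULES, IPV6_RULES, LISTENERS))
```

Passing the IPv4 ruleset for both arguments models a corrected configuration in which the same restrictions apply to both protocols, and the function then reports no gaps.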

Tenable claims that the patch from Netgear also affected other Pwn2Own participants.