Critical NETGEAR Router Flaw Allows Full Admin Access by Attackers

A critical vulnerability (CVE-2025-4978) has been found in certain NETGEAR routers, allowing attackers to bypass authentication and take control of affected devices. This flaw highlights the security risks inherent in embedded web servers used in IoT devices. #CVE-2025-4978 #NETGEARDGND3700v2

Keypoints

The vulnerability resides in the router’s mini_http server, specifically in the /BRS_top.html endpoint.
Exploitation allows attackers to disable authentication and access the administrative interface without credentials.
Impact includes modification of network settings, credential theft, malware deployment, and traffic interception.
NETGEAR has released firmware version 1.1.00.26 to patch the flaw; users should update immediately.
Experts recommend disabling remote management and monitoring network traffic to mitigate risks.