A threat actor has announced the sale of a zero-day (0day) vulnerability for Netgear Orbi routers, which allows for pre-authentication remote code execution (RCE) with root privileges. According to the threat actor, this vulnerability affects a total of 51,287 devices.
The threat actor claims that the deal will be conducted through a trusted source acting as a middleman. Proof of funds is required before they will send the proof of concept (PoC), in order to avoid wasting time.
The sale highlights the critical security risk posed by unpatched vulnerabilities in widely-used consumer networking devices.