Netgear Releases Fixing Update for a Wide Range of Router Products
- Netgear has released a set of firmware updates for 11 routers that are vulnerable to remote exploitation.
- There are no workarounds or mitigations for the flaw other than applying the fixing update.
- Those who choose to leave their routers vulnerable may soon face botnet infection trouble.
Netgear, the California-based networking hardware maker, released a set of firmware upgrades for a range of router products, addressing “CVE-2021-40847”. This is a remote code execution flaw via a man-in-the-middle attack that takes place through the Circle Parental Control Service that exists on various Netgear routers.
An attacker could monitor the communication of the circled daemon with the vendor’s update center and send a specially crafted update file to the target device. This would overwrite the legitimate files with potentially malicious code, planting malware on the router.
The vulnerable models are the following:
- R6400v2
- R6700
- R6700v3
- R6900
- R6900P
- R7000
- R7000P
- R7850
- R7900
- R8000
- RS400
The fixes released by Netgear are the following:
- R6400v2 fixed in firmware version 1.0.4.120
- R6700 fixed in firmware version 1.0.2.26
- R6700v3 fixed in firmware version 1.0.4.120
- R6900 fixed in firmware version 1.0.2.26
- R6900P fixed in firmware version 3.3.142_HOTFIX
- R7000 fixed in firmware version 1.0.11.128
- R7000P fixed in firmware version 1.3.3.142_HOTFIX
- R7850 fixed in firmware version 1.0.5.76
- R7900 fixed in firmware version 1.0.4.46
- R8000 fixed in firmware version 1.0.4.76
- RS400 fixed in firmware version 1.5.1.80
If you’re using one of the above, make sure to visit Netgear’s support page, find the right firmware update package for your model, and then download and install it. Instructions on how to perform firmware updates are included in the download pack.
The flaw has a severity score of 8.1 according to CVSS v3.0, so it is classified as “highly” important. Exploiting this vulnerability may lead to taking complete control of the affected system. This means you cannot afford to delay the application of the firmware patch. Keep in mind that botnet developers are very quick to incorporate exploits for published vulnerabilities that affect a large number of widely deployed network tools, and this flaw is an amazing candidate for that.