Netgear Releases Fixing Update for a Wide Range of Router Products

  • Netgear has released a set of firmware updates for 11 routers that are vulnerable to remote exploitation.
  • There are no workarounds or mitigations for the flaw other than applying the fixing update.
  • Those who choose to leave their routers vulnerable may soon face botnet infection trouble.

Netgear, the California-based networking hardware maker, released a set of firmware upgrades for a range of router products, addressing “CVE-2021-40847”. This is a remote code execution flaw via a man-in-the-middle attack that takes place through the Circle Parental Control Service that exists on various Netgear routers.

An attacker could monitor the communication of the circled daemon with the vendor’s update center and send a specially crafted update file to the target device. This would overwrite the legitimate files with potentially malicious code, planting malware on the router.

The vulnerable models are the following:

  • R6400v2
  • R6700
  • R6700v3
  • R6900
  • R6900P
  • R7000
  • R7000P
  • R7850
  • R7900
  • R8000
  • RS400

The fixes released by Netgear are the following:

  • R6400v2 fixed in firmware version 1.0.4.120
  • R6700 fixed in firmware version 1.0.2.26
  • R6700v3 fixed in firmware version 1.0.4.120
  • R6900 fixed in firmware version 1.0.2.26
  • R6900P fixed in firmware version 3.3.142_HOTFIX
  • R7000 fixed in firmware version 1.0.11.128
  • R7000P fixed in firmware version 1.3.3.142_HOTFIX
  • R7850 fixed in firmware version 1.0.5.76
  • R7900 fixed in firmware version 1.0.4.46
  • R8000 fixed in firmware version 1.0.4.76
  • RS400 fixed in firmware version 1.5.1.80

If you’re using one of the above, make sure to visit Netgear’s support page, find the right firmware update package for your model, and then download and install it. Instructions on how to perform firmware updates are included in the download pack.

The flaw has a severity score of 8.1 according to CVSS v3.0, so it is classified as “highly” important. Exploiting this vulnerability may lead to taking complete control of the affected system. This means you cannot afford to delay the application of the firmware patch. Keep in mind that botnet developers are very quick to incorporate exploits for published vulnerabilities that affect a large number of widely deployed network tools, and this flaw is an amazing candidate for that.

Latest
How to Watch Shetland Season 7 Online From Anywhere
Shetland is back to answer all of the questions that left us hanging at the end of the last series, and you...
Real Madrid Vs Eintracht Frankfurt Live Stream: How to Watch UEFA Super Cup Final Online From Anywhere
The new soccer season is upon us, which means it is time for the UEFA Super Cup Final. Played between the previous...
How to Watch I Am Groot Online On Disney Plus
Marvel's I Am Groot is almost here, which means Marvel fans need to add one more show to their watchlist this summer. We...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari
[class^="wpforms-"]
[class^="wpforms-"]