- Netgear has released a set of firmware updates for 11 routers that are vulnerable to remote exploitation.
- There are no workarounds or mitigations for the flaw other than applying the firmware update.
- Those who leave their routers unpatched may soon face botnet infections.
Netgear, the California-based networking hardware maker, released a set of firmware upgrades for a range of router products, addressing “CVE-2021-40847”. This is a remote code execution flaw via a man-in-the-middle attack that takes place through the Circle Parental Control Service that exists on various Netgear routers.
An attacker could monitor the communication of the circled daemon with the vendor’s update center and send a specially crafted update file to the target device. This would overwrite the legitimate files with potentially malicious code, planting malware on the router.
The vulnerable models and the fixes released by Netgear for them are the following:
- R6400v2 fixed in firmware version 188.8.131.52
- R6700 fixed in firmware version 184.108.40.206
- R6700v3 fixed in firmware version 220.127.116.11
- R6900 fixed in firmware version 18.104.22.168
- R6900P fixed in firmware version 3.3.142_HOTFIX
- R7000 fixed in firmware version 22.214.171.124
- R7000P fixed in firmware version 126.96.36.199_HOTFIX
- R7850 fixed in firmware version 188.8.131.52
- R7900 fixed in firmware version 184.108.40.206
- R8000 fixed in firmware version 220.127.116.11
- RS400 fixed in firmware version 18.104.22.168
If you’re using one of the above, make sure to visit Netgear’s support page, find the right firmware update package for your model, and then download and install it. Instructions on how to perform firmware updates are included in the download pack.
The flaw has a severity score of 8.1 according to CVSS v3.0, so it is rated as high severity. Exploiting this vulnerability may lead to complete control of the affected system, which means you cannot afford to delay applying the firmware patch. Keep in mind that botnet developers are very quick to incorporate exploits for published vulnerabilities that affect widely deployed network devices, and this flaw is a prime candidate for that.