Netgear Releases Fixing Update for a Wide Range of Router Products

By Bill Toulas / September 22, 2021

Netgear, the California-based networking hardware maker, released a set of firmware upgrades for a range of router products, addressing “CVE-2021-40847”. This is a remote code execution flaw via a man-in-the-middle attack that takes place through the Circle Parental Control Service that exists on various Netgear routers.

An attacker could monitor the communication of the circled daemon with the vendor’s update center and send a specially crafted update file to the target device. This would overwrite the legitimate files with potentially malicious code, planting malware on the router.

The vulnerable models are the following:

The fixes released by Netgear are the following:

If you’re using one of the above, make sure to visit Netgear’s support page, find the right firmware update package for your model, and then download and install it. Instructions on how to perform firmware updates are included in the download pack.

The flaw has a severity score of 8.1 according to CVSS v3.0, so it is classified as “highly” important. Exploiting this vulnerability may lead to taking complete control of the affected system. This means you cannot afford to delay the application of the firmware patch. Keep in mind that botnet developers are very quick to incorporate exploits for published vulnerabilities that affect a large number of widely deployed network tools, and this flaw is an amazing candidate for that.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari