Friday, November 25

Thousands of Netgear Routers Can Be Hacked – Here’s What You Should Do

Damn kids. Due to an optional parental control feature that apparently wasn’t all that optional, nearly a dozen widely used Netgear home Wi-Fi router models have a serious security flaw and need to be fixed.

The affected models are the R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7850, R7900, R8000 and RS400, most of them in the “Nighthawk” line and physically almost identical. Firmware updates are now available for all of them.

  • Your Wi-Fi router could tell everyone where you live, what it can do
  • Best Wi-Fi routers
  • Plus: All Macs can be hacked with this new flaw, and there is no solution yet.

The flaw can be exploited by a bad guy who gains access to your Wi-Fi network, which may not always be as difficult to do as it sounds, and is then used to take control of your home or small office network and send him to God. -know-where on the Internet.

Because Netgear markets its home routers with somewhat misleading terminology, for example the R7000 is also labeled ‘Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router’, you may want to flip the router and check the label on the bottom to see if it’s real. model name.

How to update the firmware of your Netgear router

To update your router’s firmware, Netgear’s security advisory recommends going to their support page at and then dialing your model number. From there, you will be taken to the support page for your model. You can download a Zip file to your PC and unzip it.

Next, use your favorite web browser to access your router’s administrative interface (most likely, click on the Advanced tab, select Administration, and click on Router Update. You can upload the file to the router from there.

See also  Halo 3: ODST Reimagining Mod Expertly Enhances One Of The Series’ Best Campaigns

However, for most of these routers, it will be just as easy to download the firmware update directly to the router. Follow the web administrative interface instructions in the previous paragraph and then click the check for updates button instead of uploading a file from your PC or Mac.

Software vulnerable de Disney Circle

The issue here stems from the Disney-designed Circle parental control feature, which was rolled out to Netgear Nighthawk and Orbi mesh routers, some of them already in customer homes, as an optional add-on feature in 2017.

The Orbis and the newer Wi-Fi 6 Nighthawks got parental control software built in-house by Netgear earlier this year, while the Circle service was discontinued for older Nighthawk models in late 2020.

Here’s the catch: If you have one of the affected routers, the vulnerable Circle software is on your device, regardless of whether you’ve ever paid the $ 4.99 monthly fee for the Circle feature.

“The Circle update daemon that contains the vulnerability is enabled to run by default, even if you have not configured your router to use parental control features,” he explained. Adam Nichols from the DC area security company GRIMM in a blog post. (Computer ringing previously reported this story.)

“While it doesn’t fix the underlying problem, simply disabling the vulnerable code when Circle is not in use would have prevented exploitation on most devices.”

In other words, you have a problem related to software that you probably did not request and that may have been introduced to your device through a firmware update after you bought it.

See also  Phantom Hellcat, A Nier-Inspired Hack-And-Slash Action Adventure, Revealed In New Trailer

A side note about Netgear security patches

We have run many Netgear router security alerts over the past few years, with at least two in 2020. So we want to reiterate that Netgear’s consistent policy of finding, patching, and publishing its security flaws is a good thing, despite negative headline results.

The only reason you don’t hear about a lot of security flaws from some other major router manufacturers is because they don’t tell you about the flaws. At least we know when something goes wrong with Netgear routers and how to fix it.

The same principle applies to Windows PCs, Macs, iPhones, and Android phones. All of those devices get regular security updates to fix flaws, and they’re better at it. You don’t want a router that never receives firmware updates.

  • Your Router Security Sucks – Here’s How To Fix It

What’s going on here?

This flaw, listed as CVE-2021-40847, was discovered by GRIMM researchers. They realized that there was a Circle update daemon, or mini-program, called “circled” (presumably pronounced “circle-dee”) on older Netgear Nighthawk routers.

After some testing they found that the Circle update daemon was running as root, enabled by default, and could still be exploited even if it was disabled.

“Circle’s Parental Control Service Upgrade Process on Multiple Netgear Routers Allows Remote Attackers with Network Access to Get RCEs [remote code execution] as root via a Man-in-the-Middle (MitM) attack, ”Nichols wrote on the GRIMM blog.

Because Netgear firmware updates are downloaded over old HTTP and are not encrypted, Nichols explained, they could theoretically be intercepted, tampered with, and then transmitted in poison form to routers – a classic man-in-the-attack attack. middle.

See also  Mario Kart 8 is already the second best-selling Nintendo game in history | LevelUp

Netgear protects against this by encrypting your firmware update files and digitally signing them, making it quite difficult for an attacker to read, modify, or install altered firmware.

Not so Circle. Your update file is just a compressed database without any internal protection.

GRIMM demonstrated that it was not difficult to introduce malicious code into a Circle update and, from there, take full control of a router, which in turn would give the attacker full control of your home internet traffic (or small office).

This may not be entirely Circle’s fault. It could be that the firmware update connections on your Circle with discontinued Disney hardware devices were encrypted, eliminating the need to encrypt update files as well.

If so, then this new flaw may be the result of something falling between the cracks in the different upgrade models when the Circle software was transferred to Netgear devices.

The Netgear firmware you want to terminate with

Here’s a list from the Netgear site of the firmware versions you want to have on each device.

  • R6400v2 fixed in firmware version
  • R6700 fixed in firmware version
  • R6700v3 fixed in firmware version
  • R6900 fixed in firmware version
  • R6900P fixed in firmware version 3.3.142_HOTFIX
  • R7000 fixed in firmware version
  • R7000P fixed in firmware version
  • R7850 fixed in firmware version
  • R7900 fixed in firmware version
  • R8000 fixed in firmware version
  • Fixed RS400 on firmware version

Leave a Reply

Your email address will not be published. Required fields are marked *