Damn kids. Due to an optional parental control feature that apparently wasn’t all that optional, nearly a dozen widely used Netgear home Wi-Fi router models have a serious security flaw and need to be fixed.
The affected models are the R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7850, R7900, R8000 and RS400, most of them in the “Nighthawk” line and physically almost identical. Firmware updates are now available for all of them.
The flaw can be exploited by a bad guy who gains access to your Wi-Fi network, which may not always be as difficult to do as it sounds, and can then be used to take control of your home or small-office network and send you to God-knows-where on the Internet.
Because Netgear markets its home routers with somewhat misleading terminology (the R7000, for example, is also labeled ‘Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router’), you may want to flip the router over and check the label on the bottom to see its real model name.
How to update the firmware of your Netgear router
To update your router’s firmware, Netgear’s security advisory recommends going to their support page at https://www.netgear.com/support/ and then entering your model number. From there, you will be taken to the support page for your model. You can download a Zip file to your PC and unzip it.
Next, use your favorite web browser to access your router’s administrative interface (most likely http://192.168.1.1), click on the Advanced tab, select Administration, and click on Router Update. You can upload the file to the router from there.
However, for most of these routers, it will be just as easy to download the firmware update directly to the router. Follow the web administrative interface instructions in the previous paragraph and then click the check for updates button instead of uploading a file from your PC or Mac.
Vulnerable Disney Circle software
The issue here stems from the Disney-designed Circle parental control feature, which was rolled out to Netgear Nighthawk and Orbi mesh routers, some of them already in customer homes, as an optional add-on feature in 2017.
The Orbis and the newer Wi-Fi 6 Nighthawks got parental control software built in-house by Netgear earlier this year, while the Circle service was discontinued for older Nighthawk models in late 2020.
Here’s the catch: If you have one of the affected routers, the vulnerable Circle software is on your device, regardless of whether you’ve ever paid the $4.99 monthly fee for the Circle feature.
“The Circle update daemon that contains the vulnerability is enabled to run by default, even if you have not configured your router to use parental control features,” explained Adam Nichols from the DC-area security company GRIMM in a blog post. (Bleeping Computer previously reported this story.)
“While it doesn’t fix the underlying problem, simply disabling the vulnerable code when Circle is not in use would have prevented exploitation on most devices.”
In other words, you have a problem related to software that you probably did not request and that may have been introduced to your device through a firmware update after you bought it.
A side note about Netgear security patches
We have run many Netgear router security alerts over the past few years, with at least two in 2020. So we want to reiterate that Netgear’s consistent policy of finding, patching, and publishing its security flaws is a good thing, despite the negative headlines that result.
The only reason you don’t hear about a lot of security flaws from some other major router manufacturers is because they don’t tell you about the flaws. At least we know when something goes wrong with Netgear routers and how to fix it.
The same principle applies to Windows PCs, Macs, iPhones, and Android phones. All of those devices get regular security updates to fix flaws, and they’re better for it. You don’t want a router that never receives firmware updates.
What’s going on here?
This flaw, listed as CVE-2021-40847, was discovered by GRIMM researchers. They realized that there was a Circle update daemon, or mini-program, called “circled” (presumably pronounced “circle-dee”) on older Netgear Nighthawk routers.
After some testing, they found that the Circle update daemon was running as root, was enabled by default, and could still be exploited even if Circle was disabled.
“Circle’s parental control service upgrade process on multiple Netgear routers allows remote attackers with network access to get RCE [remote code execution] as root via a Man-in-the-Middle (MitM) attack,” Nichols wrote on the GRIMM blog.
Because Netgear firmware updates are downloaded over plain old HTTP and are not encrypted in transit, Nichols explained, they could theoretically be intercepted, tampered with, and then passed on in poisoned form to routers: a classic man-in-the-middle attack.
Netgear protects against this by encrypting its firmware update files and digitally signing them, making it quite difficult for an attacker to read, modify, or install altered firmware.
Not so Circle. Its update file is just a compressed database without any internal protection.
GRIMM demonstrated that it was not difficult to introduce malicious code into a Circle update and, from there, take full control of a router, which in turn would give the attacker full control of your home (or small-office) internet traffic.
This may not be entirely Circle’s fault. It could be that the firmware update connections on its discontinued Circle with Disney hardware devices were encrypted, eliminating the need to encrypt update files as well.
If so, then this new flaw may be the result of something falling through the cracks between the different update models when the Circle software was ported to Netgear devices.
The Netgear firmware you want to end up with
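The difference between the two update paths described above, as an added example that is not code from the article, GRIMM, Netgear or Circle: one loader unpacks whatever compressed database arrives, the other authenticates the raw bytes before decompressing anything. The update format, function names and key are constructed, and an HMAC stands in for a digital signature so the example needs only the Python standard library.

```python
import gzip
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the vendor's public-key signature;
# a real updater should verify an asymmetric signature so that no signing
# secret has to live on the router.
DEMO_KEY = b"constructed-demo-key"

def build_update(records, key=DEMO_KEY):
    """Vendor side: compress the database and attach an authentication tag."""
    blob = gzip.compress(json.dumps(records).encode())
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def load_unverified(blob):
    """Unprotected pattern: unpack whatever arrived over plain HTTP."""
    return json.loads(gzip.decompress(blob))

def load_verified(blob, tag, key=DEMO_KEY):
    """Check the tag over the raw bytes before any decompression or parsing."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("update rejected: authentication tag mismatch")
    return json.loads(gzip.decompress(blob))

def demo():
    blob, tag = build_update({"db_version": 2, "entries": ["a", "b"]})
    # Constructed stand-in for a response body altered on the network path.
    swapped = gzip.compress(
        json.dumps({"db_version": 2, "entries": ["changed"]}).encode())
    results = {
        "unverified_accepts_swap":
            load_unverified(swapped)["entries"] == ["changed"],
    }
    try:
        load_verified(swapped, tag)
        results["verified_accepts_swap"] = True
    except ValueError:
        results["verified_accepts_swap"] = False
    results["verified_accepts_genuine"] = (
        load_verified(blob, tag)["db_version"] == 2)
    return results

if __name__ == "__main__":
    print(demo())
```

The check runs on the bytes as received, so a modified file is refused before the decompressor or parser ever touches it.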
Here’s a list from the Netgear site of the firmware versions you want to have on each device.
- R6400v2 fixed in firmware version 188.8.131.52
- R6700 fixed in firmware version 184.108.40.206
- R6700v3 fixed in firmware version 220.127.116.11
- R6900 fixed in firmware version 18.104.22.168
- R6900P fixed in firmware version 3.3.142_HOTFIX
- R7000 fixed in firmware version 22.214.171.124
- R7000P fixed in firmware version 126.96.36.199_HOTFIX
- R7850 fixed in firmware version 188.8.131.52
- R7900 fixed in firmware version 184.108.40.206
- R8000 fixed in firmware version 220.127.116.11
- RS400 fixed in firmware version 18.104.22.168