Netgear Warns Of Security Vulnerabilities In Its Routers

The network specialist Netgear has discovered a serious security vulnerability in a number of its routers and has fixed it with an update. The vulnerability allows remote code execution and should be patched urgently.

The vulnerability is in the Circle Parental Control Service, which runs with root privileges on many modern Netgear routers for small offices and home offices. The service is enabled by default, regardless of whether the user is using parental controls, as reported by the online magazine Bleeping Computer. The full list of Netgear routers susceptible to the CVE-2021-40847 vulnerability, as well as the patched firmware versions, is provided at the end of the post.

Attacks possible

Netgear has identified the problem as a serious security issue. The vulnerability has now been disclosed under CVE-2021-40847. The GRIMM security researcher Adam Nichols explains how the vulnerability could be exploited: "The update process of the Circle Parental Control Service on various Netgear routers enables remote attackers with network access to gain RCE as root via a man-in-the-middle (MitM) attack."

Sensitive data at risk

To successfully exploit this vulnerability, an attacker would have to modify or intercept network traffic while on the same network in order to obtain code execution as root on the targeted router. After gaining access, the attacker can take complete control of the network traffic and can then potentially read encrypted data that is exchanged with other devices, including those on the victim's corporate network.

Netgear has therefore made new firmware available for a number of routers. In a security warning, Netgear asked its customers to download and install the update as soon as possible.

Affected routers and patched firmware versions

  • R6400v2 firmware version 1.0.4.120
  • R6700 firmware version 1.0.2.26
  • R6700v3 firmware version 1.0.4.120
  • R6900 firmware version 1.0.2.26
  • R6900P firmware version 3.3.142_HOTFIX
  • R7000 firmware version 1.0.11.128
  • R7000 firmware version 1.3.3.142_HOTFIX
  • R7850 firmware version 1.0.5.76
  • R7900 firmware version 1.0.4.46
  • R8000 firmware version 1.0.4.76
  • RS400 firmware version 1.5.1.80