Own one of these 11 Netgear routers? If so, patch it immediately

Shawn Knight

In brief: Netgear has issued firmware updates for nearly a dozen routers after learning of a vulnerability that can be exploited for remote code execution. Worse yet, you don't even need to be using the associated software to become a victim.

Netgear’s security advisory notes that affected models include the R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7850, R7900, R8000 and the RS400. For proper identification, simply check the sticker on the back or the bottom of your Netgear router to see if it matches one of the models listed above.

In the event your model is impacted, simply head over to Netgear’s support site. There, you can enter your model number and download the appropriate patch. Follow the instructions in the release notes to install the updated firmware.

According to this blog post from security firm Grimm, the vulnerability is related to third-party parental control software called Circle that was originally designed by Disney. The optional software, even if it wasn’t utilized, came pre-installed on several Netgear routers. As Grimm's Adam Nichols explains:

The update process of the Circle Parental Control Service on various Netgear routers allows remote attackers with network access to gain RCE as root via a Man-in-the-Middle (MitM) attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default.

Nichols said the daemon connects to Circle and Netgear to get things like version information and to update its filtering database. Notably, the database updates from Netgear are unsigned and are downloaded over HTTP instead of the more secure HTTPS.

This means that an attacker who can pull off a MitM attack can insert a specially-crafted database file. When this file is extracted, it can give the attacker "the ability to overwrite executable files with attacker-controlled code."
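As an added illustration (not Netgear's, Circle's or Grimm's code), here is a defender's sketch in Python of the two checks the updater described above lacked: verify a digest pinned out of band before touching the download, and refuse any archive entry that would land outside the database directory or carry executable bits. The tar.gz format, the file names and the source of the pinned digest are assumptions for the example.

```python
import hashlib, hmac, io, os, tarfile, tempfile

def safe_members(tar, dest):
    """Admit only regular files/dirs that resolve inside dest, with exec bits cleared."""
    root = os.path.realpath(dest)
    for m in tar.getmembers():
        if not (m.isfile() or m.isdir()):  # symlinks, hardlinks, devices
            raise ValueError(f"refusing special entry: {m.name}")
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            raise ValueError(f"path escapes destination: {m.name}")
        m.mode &= ~0o111  # a filter database is data, never a program
        yield m

def install_update(blob, expected_sha256, dest):
    """Check the pinned digest first, then extract only the vetted members."""
    if not hmac.compare_digest(hashlib.sha256(blob).hexdigest(), expected_sha256):
        raise ValueError("digest mismatch: update not installed")
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        members = list(safe_members(tar, dest))  # validate everything before writing
        tar.extractall(dest, members=members)
    return [m.name for m in members]

def build_archive(entries):
    """Constructed helper: in-memory .tar.gz from {name: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def run_demo():
    """Constructed cases: clean update, tampered bytes, path-traversal entry."""
    dest = tempfile.mkdtemp()
    good = build_archive({"filters.db": b"blocklist-v1"})
    evil = build_archive({"../../bin/busybox": b"x"})  # entry aimed outside dest
    sha = lambda b: hashlib.sha256(b).hexdigest()
    out = {"good": install_update(good, sha(good), dest)}
    for label, blob, digest in (("tampered", good + b"\0", sha(good)),
                                ("traversal", evil, sha(evil))):
        try:
            install_update(blob, digest, dest)
            out[label] = "installed"
        except ValueError as e:
            out[label] = str(e).split(":")[0]
    return out
```

Only the clean archive is written to disk; a byte-level change fails the digest check before extraction starts, and an entry that resolves outside the destination is rejected before anything is written.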

Circle discontinued its MyCircle app and Circle Go mobile device management software for the Circle 1st gen app at the end of last year, but said the changes do not apply to its Circle on Netgear products.


 
I have a love/hate relationship with netgear. Their switches are easy to pick up for cheap used, but there is a reason for that....
 
I stop using them and went back to Logitech. Had back to back issues with Netgear.
Likely going to get a new router either end of the year or next spring.
 
I have a Netgear that came from my ISP. I don’t think I’ll break the plastic and unbox it to update it.
 
I have a Netgear that came from my ISP. I don’t think I’ll break the plastic and unbox it to update it.
Doesn't your ISP update supplied routers/modems when it senses an off time? I think some even message that an update is coming.

 
Doesn't your ISP update supplied routers/modems when it senses an off time? I think some even message that an update is coming.
Some do, but I ditched the last ISP that tried to switch me over to a router with proprietary firmware. My current ones just speak DHCP and PPPOE so I don't need to deal with the bundled Netgear.
 
I used to have one of those listed routers. It was the most unstable and awful piece of kit I've ever owned. With every firmware release they issued to fix stability issues and lockups it would become even more unstable. It required constant power recycling to keep working. I can't stress highly enough how far I would stay away from a netgear router now. The hardware is fine and quite fast when it's not locked up, but they are utterly incapable of writing firmware.
 
I used to have one of those listed routers. It was the most unstable and awful piece of kit I've ever owned. With every firmware release they issued to fix stability issues and lockups it would become even more unstable. It required constant power recycling to keep working. I can't stress highly enough how far I would stay away from a netgear router now. The hardware is fine and quite fast when it's not locked up, but they are utterly incapable of writing firmware.

I've had a R7000 for almost 7 years now and it's been rock solid once I stopped using it for wifi. It's been working great as just a wired router (internal antenna APs turned off) paired with a single Unifi AP.
 
Up until last week I used an R7000 router to do all the routing, QoS and Wifi for my business (10 PCs, a few servers, and 6 employees with heavy computer usage). I got about 5 years out of that router. I also flashed it with DD-WRT the day I got it, since I have had issues with Netgear firmware in the past.

Only reason I swapped it out was I went to dual WAN, and a Ubiquiti Edge router makes that very easy to setup.
 
Don't you like it when your router is downloading updates whenever it feels like it's the appropriate time, without asking the user anything?

Coming next: "Boeing 787 downloads and installs software updates during flight."
What could possibly go wrong?
 