Netgear Routers

Two cybersecurity researchers, Adam Nichols from GRIMM and d4rkn3ss from Vietnamese ISP VNPT has discovered an unpatched zero-day flaw in 79 Netgear router. This flaw allows hackers to take full control of the device, and both the researchers have disclosed this vulnerability independently and already informed about this flaw to Netgear.

Soon after knowing about the vulnerability, Netgear confirmed the quick arrival of a patch. Since the vulnerability attack the incoming data that are handled by the Netgear, that’s why the flaw would enable an attacker to build a specially crafted string that will perform commands on the router without requiring any authenticate.

Exploit Development

According to the reports, the vulnerability affects nearly 758 different firmware versions that have been applied on 79 Netgear routers over the years, and some firmware versions are used on devices published in 2007. 

More importantly, the bug remains in the web server component that’s injected in the vulnerable Netgear router firmware. And the web servers are used to control the router’s built-in administration panel. While in this event, 79 routers of Netgear has been affected by this vulnerability.

The vulnerability happens before the Cross-Site Request Forgery (CSRF) token is verified. Therefore, this exploit can also be followed through a CSRF attack, and if the affected router browses to a malicious website, that website could utilize the user’s router.

Netgear Routers Version Detection

Detecting the version is one of the essential parts of the vulnerability, as the exploitation can undoubtedly be performed is to remotely identify the model and version of the router that has been attacked.

It will be useless for an attacker to remotely fingerprint a device, as the exploit that has been detected for this zero-day flaw can automatically determine the model and version targeted by the attacker using this strategy.

Router models that are affected by this zero-day security flaw

There are a total of 79 router models that are affected by this zero-day security flaw, and here they are:-

AC1450    MBR1516    WGR614v9

D6220                MBRN3000    WGR614v10

D6300                MVBR1210C    WGT624v4

D6400                R4500                WN2500RP

D7000v2    R6200                WN2500RPv2

D8500                R6200v2    WN3000RP

DC112A    R6250                WN3100RP

DGN2200    R6300                WN3500RP

DGN2200v4    R6300v2    WNCE3001

DGN2200M    R6400                WNDR3300

DGND3700    R6400v2    WNDR3300v2

EX3700    R6700                WNDR3400

EX3920    R6900                WNDR3400v3

EX6000    R6900P    WNDR3700v3

EX6100    R7000                WNDR4000

EX6120    R7000P    WNDR4500

EX6130    R7100LG    WNDR4500v2

EX6150    R7300                WNR834Bv2

EX6200    R7850                WNR1000v3

EX6920    R7900                WNR2000v2

EX7000    R8000                WNR3500

LG2200D    R8300                WNR3500v2

MBM621    R8500                WNR3500L

MBR624GU    RS400                WNR3500Lv2

MBR1200    WGR614v8    XR300

MBR1515

We all know that routers are one of the essential security boundaries that block attackers from directly utilizing the computers in a network. 

Although, due to the weak code feature and a reduction, the inadequate analysis has ended in thousands of vulnerable SOHO devices being revealed to the internet for over a decade.

NETGEAR Advisory:

NERGEAR advisory report says that they are working for the fix on additional hotfixes and final firmware fixes for all affected products.

Also they recommended users to : Turning off Remote Management on the router or gateway Web GUI significantly reduces the risk of exposure to these vulnerabilities.

You can discuss more in this thread in the NETGEAR community where you get assistance users in a more interactive basis.

“NETGEAR is committed to maintaining the security of our products and we monitor for both known and unknown threats, which includes being proactive to potential risks,” NETGEAR told Cyber Security News.

Security Advisory for Multiple Vulnerabilities on Some Routers, Mobile Routers, Modems, Gateways, and Extenders


Leave a Reply