79 Netgear router models were just found containing a severe security vulnerability that could lead to remote control. More specifically, the vulnerability affects 758 firmware versions used in 79 Netgear router models.
Netgear Routers Affected by Security Vulnerability
The flaw was discovered by two cybersecurity researchers – Adam Nichols from GRIMM and d4rkn3ss from Vietnamese ISP VNPT. It is noteworthy that the two researchers made the discovery independently, with both of them saying they reported the vulnerability to Netgear at the beginning of the year.
According to Adam Nichols’s technical analysis, the vulnerability resides in the web server component which is included in the router firmware. Nichols’ report is focused on “auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed.”
Because of the vulnerability’s scope and the number of affected devices, Netgear initially requested more time to address the problem. Since the extension period has already expired, the researchers made their discoveries public via the Zero-Day Initiative program.
It is crucial to note that not all impacted routers will be patched, because some of them have reached end-of-life years ago. Here’s a list of all 79 Netgear router models that are affected by the flaw:
AC1450
D6220
D6300
D6400
D7000v2
D8500
DC112A
DGN2200
DGN2200v4
DGN2200M
DGND3700
EX3700
EX3800
EX3920
EX6000
EX6100
EX6120
EX6130
EX6150
EX6200
EX6920
EX7000
LG2200D
MBM621
MBR624GU
MBR1200
MBR1515
MBR1516
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6250
R6300
R6300v2
R6400
R6400v2
R6700
R6700v3
R6900
R6900P
R7000
R7000P
R7100LG
R7300
R7850
R7900
R8000
R8300
R8500
RS400
WGR614v8
WGR614v9
WGR614v10
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3100RP
WN3500RP
WNCE3001
WNDR3300
WNDR3300v2
WNDR3400
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR834Bv2
WNR1000v3
WNR2000v2
WNR3500
WNR3500v2
WNR3500L
WNR3500Lv2
XR300
According to Nichols, this vulnerability would not be exploitable in most modern software:
Modern software typically contains stack cookies which would prevent exploitation. However, the R7000 does not use stack cookies. In fact, of all of the Netgear products which share a common codebase, only the D8500 firmware version 1.0.3.29 and the R6300v2 firmware versions 1.0.4.12-1.0.4.20 use stack cookies. However, later versions of the D8500 and R6300v2 stopped using stack cookies, making this vulnerability once again exploitable. This is just one more example of how SOHO [Small Office/Home Office devices] device security has fallen behind as compared to other modern software, Nichols noted in his report.
Here’s the full technical disclosure of the Netgear vulnerability.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: