
Owners of popular Netgear router models should look into installing firmware updates on their devices, now that Netgear has finished deploying patches for a slew of security issues discovered and reported by US cyber-security firm Trustwave.

Trustwave researchers discovered five issues affecting 17 Netgear router models in total, including the company's top seller, the Nighthawk router series.

All issues were discovered and privately reported in March 2017 via Netgear's bug bounty program. The hardware vendor slowly patched and issued updates for all five flaws during the course of last year.

Trustwave went public with its findings last week, in the hope that users who did not upgrade their router's firmware will now take the time to visit Netgear's site and download firmware updates.

Below is a summary of all five vulnerabilities, each with a short description and a list of the affected router models.

Password Recovery and File Access

This bug requires physical access to the device, but an attacker can insert a USB thumb drive into the router/modem and obtain files from its storage space, including passwords.

Fixes available via Netgear's website here. List of vulnerable products below.

D8500 running firmware versions 1.0.3.27 and earlier
DGN2200v4 running firmware versions 1.0.0.82 and earlier
R6300v2 running firmware versions 1.0.4.06 and earlier
R6400 running firmware versions 1.0.1.20 and earlier
R6400v2 running firmware versions 1.0.2.18 and earlier
R6700 running firmware versions 1.0.1.22 and earlier
R6900 running firmware versions 1.0.1.20 and earlier
R7000 running firmware versions 1.0.7.10 and earlier
R7000P running firmware versions 1.0.0.58 and earlier
R7100LG running firmware versions 1.0.0.28 and earlier
R7300DST running firmware versions 1.0.0.52 and earlier
R7900 running firmware versions 1.0.1.12 and earlier
R8000 running firmware versions 1.0.3.46 and earlier
R8300 running firmware versions 1.0.2.86 and earlier
R8500 running firmware versions 1.0.2.86 and earlier
WNDR3400v3 running firmware versions 1.0.1.8 and earlier
WNDR4500v2 running firmware versions 1.0.0.62 and earlier

Authentication Bypass

An attacker who can access the router from the Internet or from an internal network can bypass authentication by adding "&genie=1" to the router's admin panel URL. Trustwave describes this bug as "trivial to exploit."

Fixes available via Netgear's website here. List of vulnerable products below.

D6220, running firmware versions prior to 1.0.0.26
D6400, running firmware versions prior to 1.0.0.60
D8500, running firmware versions prior to 1.0.3.29
R6250, running firmware versions prior to 1.0.4.12
R6400, running firmware versions prior to 1.01.24
R6400v2, running firmware versions prior to 1.0.2.30
R6700, running firmware versions prior to 1.0.1.22
R6900, running firmware versions prior to 1.0.1.22
R6900P, running firmware versions prior to 1.0.0.56
R7000, running firmware versions prior to 1.0.9.4
R7000P, running firmware versions prior to 1.0.0.56
R7100LG, running firmware versions prior to 1.0.0.32
R7300DST, running firmware versions prior to 1.0.0.54
R7900, running firmware versions prior to 1.0.1.18
R8000, running firmware versions prior to 1.0.3.44
R8300, running firmware versions prior to 1.0.2.100_1.0.82
R8500, running firmware versions prior to 1.0.2.100_1.0.82

Post-Authentication Command Injection

An already authenticated attacker can run root-level commands on affected routers and modems via the "device_name" parameter on the lan.cgi page.

Fixes available via Netgear's website here. List of vulnerable products below.

D8500 running firmware versions 1.0.3.28 and earlier
R6400 running firmware versions 1.0.1.22 and earlier
R6400v2 running firmware versions 1.0.2.18 and earlier
R8300 running firmware versions 1.0.2.94 and earlier
R8500 running firmware versions 1.0.2.94 and earlier
R6100 running firmware versions 1.0.1.12 and earlier

Command Injection (Chained Attack)

An attacker can combine an already known CSRF attack and the previous two bugs to run root-level commands without authentication.

Fixes available via Netgear's website here. List of vulnerable products below.

D6220, running firmware versions prior to 1.0.0.26
D6400, running firmware versions prior to 1.0.0.60
D8500, running firmware versions prior to 1.0.3.29
R6250, running firmware versions prior to 1.0.4.12
R6400, running firmware versions prior to 1.01.24
R6400v2, running firmware versions prior to 1.0.2.30
R6700, running firmware versions prior to 1.0.1.22
R6900, running firmware versions prior to 1.0.1.22
R6900P, running firmware versions prior to 1.0.0.56
R7000, running firmware versions prior to 1.0.9.4
R7000P, running firmware versions prior to 1.0.0.56
R7100LG, running firmware versions prior to 1.0.0.32
R7300DST, running firmware versions prior to 1.0.0.54
R7900, running firmware versions prior to 1.0.1.18
R8000, running firmware versions prior to 1.0.3.44
R8300, running firmware versions prior to 1.0.2.100_1.0.82
R8500, running firmware versions prior to 1.0.2.100_1.0.82

Command Injection Vulnerability

This is another flaw that lets attackers run root-level commands, but it's harder to exploit. An attacker must have physical access to the device to press the WPS (Wi-Fi Protected Setup) button in order to exploit this flaw.

Fixes available via Netgear's website here. List of vulnerable products below.

R6100 running firmware versions prior to 1.0.1.14
R7500 running firmware versions prior to 1.0.0.110
R7500v2 running firmware versions prior to 1.0.3.16
R7800 running firmware versions prior to 1.0.2.32
EX6200v2 running firmware versions prior to 1.0.1.50
D7800 running firmware versions prior to 1.0.1.22
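
The lists above mix two conventions: "X and earlier" (X itself is vulnerable) and "prior to X" (X is the first fixed build). They also contain versions such as 1.0.2.100, which sorts incorrectly when compared as text. The following inventory check is an added example, not code from Netgear or Trustwave. It carries only a subset of the models listed on this page and assumes that a suffix after "_" (as in 1.0.2.100_1.0.82) is a secondary build identifier that can be ignored for comparison.

```python
import re

# Thresholds copied from the lists on this page (subset of models only).
# inclusive=True  -> "X and earlier": X itself is vulnerable
# inclusive=False -> "prior to X":    X is the first fixed build
ADVISORIES = {
    "Password Recovery and File Access": (True, {
        "R7000": "1.0.7.10", "R8000": "1.0.3.46", "R8500": "1.0.2.86"}),
    "Authentication Bypass": (False, {
        "R7000": "1.0.9.4", "R8000": "1.0.3.44", "R8500": "1.0.2.100_1.0.82"}),
    "Post-Authentication Command Injection": (True, {
        "R8500": "1.0.2.94", "R6100": "1.0.1.12"}),
    "Command Injection Vulnerability": (False, {
        "R6100": "1.0.1.14", "R7800": "1.0.2.32"}),
}

def parse_version(text):
    """Turn 'V1.0.2.100_1.0.82' into (1, 0, 2, 100) for numeric comparison."""
    # Assumption: anything after "_" is a secondary build id and is ignored.
    main = text.strip().lstrip("Vv").split("_", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", main):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in main.split("."))

def affected_by(model, firmware):
    """Return the advisories on this page that still apply to model/firmware."""
    installed = parse_version(firmware)
    hits = []
    for name, (inclusive, thresholds) in ADVISORIES.items():
        limit = thresholds.get(model)
        if limit is None:
            continue  # model not listed for this issue (in this subset)
        bound = parse_version(limit)
        if installed < bound or (inclusive and installed == bound):
            hits.append(name)
    return hits

if __name__ == "__main__":
    # Constructed inventory for illustration; not real devices.
    for model, fw in [("R8500", "1.0.2.94"), ("R8500", "1.0.2.100"),
                      ("R6100", "1.0.1.12"), ("R8000", "1.0.3.46")]:
        print(model, fw, "->", affected_by(model, fw) or "no listed issue")
```

A plain string comparison would rank 1.0.2.94 above 1.0.2.100 and report an R8500 on 1.0.2.94 as patched against the authentication bypass; the tuple comparison does not.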
