High-Severity RCE Vulnerability Found in Several Netgear Routers

Cybersecurity experts discovered a serious RCE vulnerability in several Netgear models.

A critical remote code execution vulnerability affecting many routers has been discovered and fixed by networking equipment manufacturer Netgear, according to The Hacker News.

As explained by GRIMM security researcher Adam Nichols, the vulnerability is in Circle, a third-party component included in the firmware, whose update daemon is turned on by default. In this configuration, an attacker with network access who mounts a Man-in-the-Middle (MitM) attack could obtain remote code execution (RCE) as root.

With the Circle update daemon, Circled, running on the Netgear firmware in this manner, an attacker in a MitM position can answer the daemon's request to download new database entries with a specially crafted compressed database file, which lets the attacker replace active binaries with malicious code.
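The defensive counterpart to the update flow described above, as an added example that is not Netgear's or Circle's code: an update client that refuses an archive unless it matches a digest from a trusted manifest and contains only expected regular files inside the update directory. The tar.gz format, the member name `db/entries.dat`, and the trusted-manifest digest are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import tarfile
from pathlib import PurePosixPath


class UpdateRejected(Exception):
    """Raised when a downloaded update must not be installed."""


def check_update(blob, expected_sha256, allowed_names):
    """Return the member names safe to install, or raise UpdateRejected.

    expected_sha256 is assumed to come from a signed manifest fetched over an
    authenticated channel, never from the same response as the archive.
    """
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        raise UpdateRejected("digest mismatch: archive altered or substituted")
    accepted = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            # Links and device nodes can redirect writes outside the directory.
            if not member.isfile():
                raise UpdateRejected(f"non-regular member: {member.name}")
            if path.is_absolute() or ".." in path.parts:
                raise UpdateRejected(f"path escapes update dir: {member.name}")
            if member.name not in allowed_names:
                raise UpdateRejected(f"unexpected member: {member.name}")
            accepted.append(member.name)
    return accepted


def build_archive(members):
    """Build a constructed sample tar.gz from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    good = build_archive({"db/entries.dat": b"constructed sample"})
    pinned = hashlib.sha256(good).hexdigest()
    print(check_update(good, pinned, {"db/entries.dat"}))
```

The digest check stops a substituted archive; the member checks still reject an archive that writes outside the update directory even if the digest source itself were compromised.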

Nichols stated, "Since this code is run as root on the affected routers, exploiting it to obtain RCE is just as damaging as a RCE vulnerability found in the core Netgear firmware," [...] "This particular vulnerability once again demonstrates the importance of attack surface reduction."

A few weeks ago, Google security engineer Gynvael Coldwind revealed details of three severe security vulnerabilities, dubbed Demon's Cries, Draconian Fear, and Seventh Inferno, that affected over a dozen of Netgear's smart switches and allowed threat actors to bypass authentication and take complete control of vulnerable devices.

The vulnerability is tracked as CVE-2021-40847 and has a CVSS score of 8.1. The following devices are affected by the security flaw:

R8000, which is fixed in firmware version 1.0.4.76
R7850, which is fixed in firmware version 1.0.5.76
R7000, which is fixed in firmware version 1.0.11.128
R6900, which is fixed in firmware version 1.0.2.26
R6700, which is fixed in firmware version 1.0.2.26
RS400, which is fixed in firmware version 1.5.1.80
R7900, which is fixed in firmware version 1.0.4.46
R7000P, which is fixed in firmware version 1.3.3.142_HOTFIX
R6900P, which is fixed in firmware version 3.3.142_HOTFIX
R6700v3, which is fixed in firmware version 1.0.4.120
R6400v2, which is fixed in firmware version 1.0.4.120