Thousands of Netgear Routers Are at Risk of Being Hacked: What to Do

Thousands of Netgear Routers Are at Risk of Being Hacked: What to Do

Netgear distributed a patch for home networking devices this week, covering seven modem router gateways, one range extender, and more than 40 routers, including some Nighthawk models, Orbi mesh routers, and satellites.

A full list of affected models is at the end of this article.

The worst of the flaws allows hackers to remotely install malware on the Nighthawk X4S gaming router, model R7800. This could compromise the entire Wi-Fi network and all web traffic going through it. Netgear has identified this vulnerability as "critical" with a severity rating of 9.4/10.

Almost as serious is the "Pre-Authentication Command Injection Security Vulnerability" present in five models, which could also lead to an entire network takeover. This vulnerability affects the R6400v2, R6700, R6700v3, R6900, and R7900 router models. The severity is "high" at 8.3/10.

Immediately behind it is a "post-authentication command injection security vulnerability". The only difference from the previous flaw is that the attacker must be logged in somehow. R6700, R6700v2, R6700v3, R6800, R6900, R6900P, R6900v2, R7000, R7000P, R7100LG, R7300DST, R7800, R7900, R7900P, R8000, R8000P, R8300, R8500, R8900, R 9000, and XR500 routers.

Moderately dangerous is an "authentication bypass security vulnerability" present in 11 routers and gateways and one range extender. Netgear's description of this flaw is rather vague, but its severity score of 6.8/10, or "medium," suggests that an outside attacker could gain unauthorized access to a home Wi-Fi network.

While this may be dangerous for other devices connected to the network, it is probably not dangerous for the router itself. The flaw affects the D6200 and D7000 modem routers, the PR2000 Wi-Fi range extender, and the R6050, JR6150, R6120, R6220, R6230, R6260, R6700v2, R6800, and R6900v2 routers.

About 20 flaws are related to "stored cross-site scripting," which may mean that someone can add unauthorized commands to the router's management interface if they have the management password in the first place Netgear does not provide details. Netgear does not provide details, so we can only speculate here.

However, Netgear rates the severity of all of these as "moderate" at 6/10. There are too many routers affected to introduce in this paragraph. If your model appears in the table below but not in the list of more serious flaws above, then you have one of these cross-site scripting flaws.

Now here's the fun part. Netgear is not very good at telling customers exactly what the model number of each router actually is.

Netgear rarely uses the actual model number in its consumer marketing and packaging, which is useless when customers have to scramble to figure out if their model needs a security update.

For example, one model that currently has a cross-site scripting flaw, the R8000P, is marketed as the AC4000 Nighthawk X6S Tri-Band WiFi Router with MU-MIMO.

On the Netgear website page for this model, one must squint to find the model number or notice that the number is part of the page URL. Similarly, the Netgear Nighthawk X6S review does not mention the actual R8000P model name.

To determine which Netgear model you are looking for, turn the device over and look at the sticker on the bottom. The model number should be printed below the "NETGEAR" logo in the upper left corner.

Unfortunately, the update procedure varies by model; Orbis and some newer Nighthawks can be patched from the included smartphone app. Older models require downloading a compressed file to a PC or Mac, connecting the router or modem router to the computer, and applying the patch manually.

Easiest way:

If your router has a Netgear app for smartphones that came with your router, open that app and locate where to update your router's firmware.

A somewhat less easy way:

While connected to your home Wi-Fi network, you can also open a web browser on your laptop or PC and type "www.routerlogin.net"" or "192.168.1.1." Go to the router's local management interface.

Enter the administrator username and password - let's hope you didn't leave the factory defaults - then find the Advanced tab, select Manage, and Update Router. Click "Check" and your router will check for updates.

It's tedious, but if there is no other way, you have to do it:

Alternatively, all Netgear users can go to Netgear's support website, narrow down their model by taking a few steps, see if there is firmware available download it to their PC, and find an online user manual on how to install the firmware.

We wish this were an easier process. Updating your router is one of the most important things you can do to keep your computers, smartphones, gaming consoles, smart home devices, and personal information safe. Someday, all router manufacturers will understand this.

Modems/Routers:

D6200, D6220, D6400, D7000, D7000v2, D7800, D8500

Range Extenders:

PR2000

Routers:

JR6150, R 6120, R6220, R6230, R6250, R6260, R6400, R6400v2, R6700, R6700v2, R6700v3, R6800, R6900, R6900P, R6900v2, R7000, R7000P, R7100LG, R7300DST, R7500v2, R7800, R7900, R7900P, R8000, R8000P, R8300, R8500, R8900, R9000, RAX120, RBR20 (Orbi), RBS20 (Orbi), RBK20 (Orbi), RBR40 (Orbi), RBS40 (Orbi), RBK40 ( Orbi), RBR50 (Orbi), RBS50 (Orbi), RBK50 (Orbi), XR500, XR700

.

Categories