Netgear leaves vulnerabilities unpatched in Nighthawk router

Netgear-modem
Netgear R6700v3
Source: Netgear

Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched.

Nighthawk R6700 is a popular dual-bank WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users.

The six flaws were discovered by researchers at cybersecurity company Tenable and could allow an attacker on the network to take complete control of the device:

  • CVE-2021-20173: A post-authentication command injection flaw in the update functionality of the device, making it susceptible to command injection.
  • CVE-2021-20174: HTTP is used by default on all communications of the device’s web interface, risking username and password interception in cleartext form.
  • CVE-2021-20175: SOAP Interface (port 5000) uses HTTP to communicate by default, risking username and password interception in cleartext form.
  • CVE-2021-23147: Command execution as root without authentication via a UART port connection. Exploiting this flaw requires physical access to the device.
  • CVE-2021-45732: Configuration manipulation via hardcoded encryption routines, allowing the changing of settings that are locked for reasons of security.
  • CVE-2021-45077: All usernames and passwords for the device’s services are stored in plaintext form in the configuration file.

On top of the aforementioned security issues, Tenable found several instances of jQuery libraries relying on version 1.4.2, which is known to contain vulnerabilities. The researechers also note that the device uses a MiniDLNA is server version with publicly known flaws.

POST request forcing an update check to exploit CVE-2021-20173
POST request forcing an update check to exploit CVE-2021-20173
Source: Tenable

The recently disclosed flaws affect firmware version 1.0.4.120, which is the latest release for the device.

Users are advised to change the default credentials to something unique and strong and follow recommended security practices for more robust defense against malware infections.

Also, check Netgear’s firmware download portal regularly and install new versions as soon as they become available. Turning on automatic updates on your router is also recommended.

The current security report refers to Netgear R6700 v3, which is still under support, not Netgear R6700 v1 and R6700 v2, which have reached end of life. If you are still using the older models, it is recommended to upgrade them.

Tenable disclosed the above issues to the vendor on September 30, 2021, and even though some information exchange in the form of clarifications and suggestions took place afterward, the problems remain unaddressed.

We have reached out to Netgear asking for a comment on the above, and we will add an update to this story as soon as we hear back from them.