RCE Flaws in Netgear Router Models

With all the commotion being spread in the last year due to the covid-19 pandemic, everyone now is getting used to a new life of staying away from people. Though at this same time everyone is getting more connected with the internet and networks. And in this connection of networks, internet one company named Netgear is doing pretty good. But for those who don’t know, Netgear is a multinational company providing networking devices & services. However, recently somd vulnerabilities have been found in some Netgear products. So today let’s find out about these RCE Flaws in Netgear Router Models.

 

What are the RCE Flaws in Netgear Router Models?

 

This security flaw is being identified with CVE-2021-40847 and it has infected several Netgear router Models. The severity score of this Vulnerability is being reported around 8.1.

Below are the listed models of routers that have been infected with this security flaw along with their firmware version in which the security patch is released. 

Do Routers Go Bad?
  • R6400v2 (fixed in firmware version 1.0.4.120)
  • R6700 (fixed in firmware version 1.0.2.26)
  • R6700v3 (fixed in firmware version 1.0.4.120)
  • R6900 (fixed in firmware version 1.0.2.26)
  • R6900P (fixed in firmware version 3.3.142_HOTFIX)
  • R7000 (fixed in firmware version 1.0.11.128)
  • R7000P (fixed in firmware version 1.3.3.142_HOTFIX)
  • R7850 (fixed in firmware version 1.0.5.76)
  • R7900 (fixed in firmware version 1.0.4.46)
  • R8000 (fixed in firmware version 1.0.4.76)
  • RS400 (fixed in firmware version 1.5.1.80)

 

Also Read: Apple Emergency Security Update For Pegasus Spyware

 

Where is this Vulnerability Found?

 

According to the security researchers who found this flaw, the Vulnerability is present in third-party components of Netgear devices that offer parental control features. This Vulnerability is exposed by the security researcher Adam Nichols.

 

What Can Attackers Do?

 

If this Vulnerability somehow gets exploited by bad attackers then one can easily perform Remote Code Execution with administrative privileges. Not only that but a Man in the Middle Attack can be performed as well.

 

Ethix

I'm a coding geek interested in cyberspace who loves to write and read

Leave a Reply

Your email address will not be published.