Netgear Zero-Day Vulnerability Allows Full Takeover

A cybersecurity researcher found a Netgear Zero-Day vulnerability which allows full takeover of about 79 Netgear router models.

“The specific flaw exists within the httpd service, which listens on TCP Port 80 by default,” according to the ZDI report, which covers the bug’s presence in the R6700 series Netgear routers. “The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer.”

“This vulnerability affects firmwares as early as 2007 (WGT624v4, version 2.0.6),” he said in his post. “Given the large number of firmware images, manually finding the appropriate gadgets is infeasible. Rather, this is a good opportunity to automate gadget detection.”

Affected router models

Netgear r6700

According to Nichols, 79 Netgear router models and 758 firmware images contain the vulnerable HTTPD daemon.

A list of these affected models and firmware can be found in Nichols’ PoC exploit.

Below we can see the 79 router models that are affected:

AC1450 MBR1516 WGR614v9
D6220 MBRN3000 WGR614v10
D6300 MVBR1210C WGT624v4
D6400 R4500 WN2500RP
D7000v2 R6200 WN2500RPv2
D8500 R6200v2 WN3000RP
DC112A R6250 WN3100RP
DGN2200 R6300 WN3500RP
DGN2200v4 R6300v2 WNCE3001
DGN2200M R6400 WNDR3300
DGND3700 R6400v2 WNDR3300v2
EX3700 R6700 WNDR3400
EX3800 R6700v3 WNDR3400v2
EX3920 R6900 WNDR3400v3
EX6000 R6900P WNDR3700v3
EX6100 R7000 WNDR4000
EX6120 R7000P WNDR4500
EX6130 R7100LG WNDR4500v2
EX6150 R7300 WNR834Bv2
EX6200 R7850 WNR1000v3
EX6920 R7900 WNR2000v2
EX7000 R8000 WNR3500
LG2200D R8300 WNR3500v2
MBM621 R8500 WNR3500L
MBR624GU RS400 WNR3500Lv2
MBR1200 WGR614v8 XR300
MBR1515    

Netgear has released some new firmware releases for newer models however these devices do not automatically update themselves. You will have to download the firmware from the website then log into your router and update the firmware.

Leave a Reply