


Millions of Netgear routers need security updates right away — what you need to do


Netgear Nighthawk RAXE500 review
(Image credit: Netgear)

Got a Netgear router? I do, and like yours, mine probably needs to be patched right away.

That's because the enterprising folks at D.C.-area security firm Grimm have found yet another very serious Netgear flaw, as detailed in a report Nov. 16. This comes (relatively) hot on the heels of the previous batch of Netgear security updates back in September of this year.

This time around, Netgear lists more than 40 different models of routers, range extenders and a couple of other devices, from models about a decade old to brand-new models on our list of the best Wi-Fi routers, that need to install firmware updates to protect themselves from full hacker takeover.

Unfortunately, nearly 40 other Netgear models may not get any updates, as many of them are already too old to get any further support.

We've got a list of all the affected models at the end of this story. All together, we're looking at about 80 different models of Wi-Fi routers, Wi-Fi range extenders, DSL gateways and other devices. The number of affected individual units has to be at least several hundred thousand, and may be in the low millions.

How to update your Netgear router's firmware

The newer your Netgear router is, the easier it is to update the firmware. Netgear's Orbi mesh routers generally update themselves, and they also have a companion smartphone app that you can use to check for and to install updates.

Netgear's Nighthawk routers also have a companion app, although using it is optional for at least some models, as is the automatic-update setting. With some Nighthawks, it's generally best to go into the administrative interface (try "http://192.168.1.1/admin" or "routerlogin.net" while connected to your home network) and check the "Advanced" section for firmware updates. From there, you should be able to launch the update sequence.

If the above methods don't work with your Netgear router, then you need to go to Netgear support at https://www.netgear.com/support/ and type in the model number of your router in the search field at the top of the page. (We've got more instructions here on how to update your router's firmware.)

However, the model number may not be obvious. Some routers come with their branding and specifications proudly listed on the box, such as "Nighthawk AXE11000 Tri-Band WiFi 6E." But that's not the model name, which is actually "RAXE500." (That's the router in the photo at the top of this story, and it does need to be patched.)

Look for a sticker on the router itself displaying the model number — it may be on the side or on the bottom. To further complicate things, Netgear sometimes changes the inner circuitry of a router while leaving the exterior the same during the production lifespan, so you may see a "v2" or "v3" appended to the model number.

Once you have the model number, the search function on the Netgear support site should take you to that model's support page. Scroll down the page to find "Firmware and Software Downloads" and click it.

You'll then see a button that will let you download the firmware update to your PC or Mac. Do that, but don't forget to click the Release Notes link just beneath it, which in turn will lead you to a link that leads to a downloadable version of your router's user manual, which will show you how to install the firmware update. The firmware update itself may come with its own instructions.

So what is this Netgear flaw that's being fixed?

The fatal flaw in all of these models involves a stack-overflow vulnerability in the Universal Plug and Play component of the router firmware. The flaw is catalogued as CVE-2021-34991 and is listed as applying to just one specific router with a specific firmware version, which got an update on Sept. 16. But the problem is much more widespread than that.

Universal Plug and Play, or UPnP for short, is a protocol that lets new devices, such as gaming consoles or printers, connect to routers without a lot of fuss. It turns out that a character limit in one function of the UPnP protocol on these Netgear routers permits an attacker on the local network — i.e., already connected to your router as a regular user — to send a malicious command to the router that overrides the router's internal safeguards and gives the attacker total control of the router without any kind of authorization.

Once that's done, the attacker can pretty much see anything you do online, and can also send you to malicious websites or break into more devices on your network.

You may think that it's enough to just keep intruders out of your network to prevent such an attack, but it's not that difficult to crack a Wi-Fi network access password or to sneak malicious software onto a poorly secured device, such as an out-of-date computer or a smart-home device.

Suffice it to say that you want to install the Netgear firmware update on your router tout suite — if you can.

Netgear routers with firmware patches available

Here's a list, copied from the Netgear website, of the models that have firmware updates or "hot fixes" available to fix this flaw, along with the most recent firmware version that they should be updated to.

Routers:

  •     R6400 fixed in firmware version 1.0.1.76
  •     R6400v2 fixed in firmware version 1.0.4.120
  •     R6700v3 fixed in firmware version 1.0.4.120
  •     R6900P fixed in firmware version 1.3.3.142_HOTFIX
  •     R7000 fixed in firmware version 1.0.11.128
  •     R7000P fixed in firmware version 1.3.3.142_HOTFIX
  •     R7100LG fixed in firmware version 1.0.0.72
  •     R7850 fixed in firmware version 1.0.5.76
  •     R7900P fixed in firmware version 1.4.2.84
  •     R7960P fixed in firmware version 1.4.2.84
  •     R8000 fixed in firmware version 1.0.4.76
  •     R8000P fixed in firmware version 1.4.2.84
  •     R8300 fixed in firmware version 1.0.2.156
  •     R8500 fixed in firmware version 1.0.2.156
  •     RAX15 fixed in firmware version 1.0.4.100
  •     RAX20 fixed in firmware version 1.0.4.100
  •     RAX200 fixed in firmware version 1.0.5.132
  •     RAX35v2 fixed in firmware version 1.0.4.100
  •     RAX38v2 fixed in firmware version 1.0.4.100
  •     RAX40v2 fixed in firmware version 1.0.4.100
  •     RAX42 fixed in firmware version 1.0.4.100
  •     RAX43 fixed in firmware version 1.0.4.100
  •     RAX45 fixed in firmware version 1.0.4.100
  •     RAX48 fixed in firmware version 1.0.4.100
  •     RAX50 fixed in firmware version 1.0.4.100
  •     RAX50S fixed in firmware version 1.0.4.100
  •     RAX75 fixed in firmware version 1.0.5.132
  •     RAX80 fixed in firmware version 1.0.5.132
  •     RAXE450 fixed in firmware version 1.0.8.70
  •     RAXE500 fixed in firmware version 1.0.8.70
  •     RS400 fixed in firmware version 1.5.1.80
  •     WNDR3400v3 fixed in firmware version 1.0.1.42
  •     WNR3500Lv2 fixed in firmware version 1.2.0.70
  •     XR300 fixed in firmware version 1.0.3.68

DSL Modem Routers:

  •     D6220 fixed in firmware version 1.0.0.76
  •     D6400 fixed in firmware version 1.0.0.108
  •     D7000v2 fixed in firmware version 1.0.0.76
  •     DGN2200v4 fixed in firmware version 1.0.0.126

Wi-Fi extenders:

  •     EX3700 fixed in firmware version 1.0.0.94
  •     EX3800 fixed in firmware version 1.0.0.94
  •     EX6120 fixed in firmware version 1.0.0.66
  •     EX6130 fixed in firmware version 1.0.0.66

AirCards:

  •     DC112A fixed in firmware version 1.0.0.62

Cable Modems:

  •     CAX80 fixed in firmware version 2.1.3.5

Netgear models that may or may not get a firmware update

Here's a list of Netgear models that the Grimm team determined were vulnerable to these attacks, but which Netgear hasn't specifically listed as getting patches for this flaw. The firmware version numbers listed below ARE vulnerable, according to Grimm.

Unfortunately, there are models on Netgear's list of patches that aren't on Grimm's list of vulnerable devices. And there are models on Grimm's list that aren't on Netgear's list, yet have received security patches in the last few months that pushed the firmware versions beyond the vulnerable ones listed below, so they may actually have available patches for this flaw.

To complicate things further, there are six models that Grimm says are not vulnerable because past firmware updates "broke" UPnP for them. Four of those — D6220, D6400, R6400 and R7000 — are on Netgear's list of patched models. Two others, D8500 and R6300v2, are not, and the only available firmware updates for them are the vulnerable ones listed below.

The best thing to do, if you have one of the models listed below, is to follow the procedures above about checking to see if a firmware update is available for your model on the Netgear support site.

If the available firmware update has a version number later than what's below, then you may be getting a patch for the above flaw, especially if the release note for the flaw has a date in the past few months. Go ahead and install the update.

But if the version number of the available firmware update matches the firmware number below, and the release-note date is more than a few months old, then it might be time to get a new router.

  • AC1450 - 1.0.0.36
  • D6300 - 1.0.0.102
  • D8500 - 1.0.3.60
  • DGN2200M - 1.0.0.35
  • DGND3700v1 - 1.0.0.17
  • EX3920 - 1.0.0.88
  • EX6000 - 1.0.0.44
  • EX6100 - 1.0.2.28
  • EX6150 - 1.0.0.46
  • EX6920 - 1.0.0.54
  • EX7000 - 1.0.1.94
  • MVBR1210C - 1.2.0.35BM
  • R4500 - 1.0.0.4
  • R6200 - 1.0.1.58
  • R6200v2 - 1.0.3.12
  • R6250 - 1.0.4.48
  • R6300 - 1.0.2.80
  • R6300v2 - 1.0.4.52
  • R6700 - 1.0.2.16
  • R6900 - 1.0.2.16
  • R7300DST - 1.0.0.74
  • R7900 - 1.0.4.38
  • WGR614v9 - 1.2.32
  • WGT624v4 - 2.0.13
  • WNDR3300v1 - 1.0.45
  • WNDR3300v2 - 1.0.0.26
  • WNDR3400v1 - 1.0.0.52
  • WNDR3400v2 - 1.0.0.54
  • WNDR3700v3 - 1.0.0.42
  • WNDR4000 - 1.0.2.10
  • WNDR4500 - 1.0.1.46
  • WNDR4500v2 - 1.0.0.72
  • WNR834Bv2 - 2.1.13
  • WNR1000v3 - 1.0.2.78
  • WNR2000v2 - 1.2.0.12
  • WNR3500 - 1.0.36NA
  • WNR3500v2 - 1.2.2.28NA
  • WNR3500L - 1.2.2.48NA
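
The version check described above, as an added example (not from the original article, Netgear or Grimm): it compares firmware versions field by field as numbers, because a plain text comparison would rank 1.0.9 above 1.0.11. The tables hold only a few models from the two lists, the function names are hypothetical, and ignoring suffixes such as _HOTFIX or NA when ordering is an assumption.

```python
import re

# Fixed versions for a few models from the article's list of patched devices.
PATCHED = {
    "R7000": "1.0.11.128",
    "R6900P": "1.3.3.142_HOTFIX",
    "RAXE500": "1.0.8.70",
    "CAX80": "2.1.3.5",
}
# Versions reported vulnerable for models with no patch listed by Netgear.
# Keys are upper-cased because lookups below are case-insensitive.
VULNERABLE = {
    "D8500": "1.0.3.60",
    "R6300V2": "1.0.4.52",
    "WNR3500L": "1.2.2.48NA",
}


def parse_version(text):
    """Turn '1.0.11.128' or 'V1.3.3.142_HOTFIX' into a tuple of ints.

    Assumption: an optional leading 'V' and any trailing suffix
    (_HOTFIX, NA, BM) do not affect ordering and are ignored.
    """
    match = re.match(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"not a firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def assess(model, installed):
    """Classify an installed firmware version for a model on either list."""
    key = model.strip().upper()
    have = parse_version(installed)
    if key in PATCHED:
        fixed = parse_version(PATCHED[key])
        return "patched" if have >= fixed else "update-available"
    if key in VULNERABLE:
        if have > parse_version(VULNERABLE[key]):
            # Newer than the reported version: may carry the fix,
            # so read the release notes before relying on it.
            return "newer-than-vulnerable"
        return "vulnerable-no-listed-fix"
    return "not-listed"
```

A result of "not-listed" only means the model is absent from these sample tables, not that the device is unaffected.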

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/netgear-router-patches-nov21
