Netgear Router Vulnerability Update: After reviewing the target list for the Zero Day Initiative’s (ZDI) Pwn2Own Toronto event, Tenable’s Zero Day Research Team began investigating the NETGEAR Nighthawk router. Pwn2Own is a hacking competition where participants target widely used software and devices exploiting zero-day vulnerabilities.
Pwn2Own supports ZDI’s more significant objectives of gathering and notifying vendors of vulnerabilities, developing signatures for intrusion detection, and assisting defenders in reducing their exposure.
A challenge in the contest is a small office/home office (SOHO) “smashup” created to simulate a real-world attack in which a hacker would take advantage of vulnerabilities in several devices to penetrate a home network.
Because the competition’s targets are so widely utilized, there is a much higher possibility that security experts have already examined them and found intriguing flaws.
While teams and individuals spend weeks gathering their zero days, vendors may issue rushed upgrades that can break attack chains.
Unfortunately, the day before the Pwn2Own registration deadline, NETGEAR patched one of the most critical weaknesses in the Tenable team’s attack chain.
Netgear Bug Discovered And Fixed
The implications of buffer overflow assaults can, however, “vary from crashes following denial of service to arbitrary code execution, assuming code execution is gained during the assault,” as stated by Bleeping Computer. Netgear didn’t offer any other details on the problem.
Netgear provides a comprehensive list of the WiFi routers that are vulnerable to the security hole, along with the firmware updates that each device needs to be fixed:
- RAX40 fixed in firmware version 188.8.131.52
- RAX35 fixed in firmware version 184.108.40.206
- R6400v2 fixed in firmware version 220.127.116.11
- R6700v3 fixed in firmware version 18.104.22.168
- R6900P fixed in firmware version 22.214.171.124
- R7000P fixed in firmware version 126.96.36.199
- R7000 fixed in firmware version 188.8.131.52
- R7960P fixed in firmware version 184.108.40.206
- R8000P fixed in firmware version 220.127.116.11
How To Update A Netgear Router’s Firmware?
The company has supplied instructions for changing the router’s firmware. Do the following right away if you own one of the routers mentioned above:
- Check out NETGEAR Support.
- When the drop-down menu displays, select your model after starting to type your model number in the search box.
- Check to ensure whether you entered your model number correctly or choose a product category to look for your product model if you don’t see a drop-down selection.
- Press Downloads.
- Choose the download whose name starts with “Firmware Version” under Current Versions.
- To download, click.
- To install the updated firmware, adhere to the directions in your product’s user manual, firmware release notes, or product support page.
The pre-authentication buffer overflow vulnerability remains if you don’t follow all the requirements, Netgear warns at the bottom of the security advisory on its support page. The statement adds, “NETGEAR is not accountable for any impacts that might have been avoided by following the recommendations in this notification.