GRIMM, A Cybersecurity research company uncovers a remote code execution vulnerability on multiple Netgear routers. Let’s see the list of Netgear routers affected by the remote code execution vulnerability, how attackers exploit it, What are the implications, and at last how to fix the CVE-2021-40847 vulnerability.
List Of Netgear Routers Affected With CVE-2021-40847 The Remote Code Execution Vulnerability:
Netgear has released patches to fix a high-severity remote code execution vulnerability for all the affected products. Here is the list of routers with the most recent version of the firmware during the time of publishing the post. Please update the firmware as soon as possible.
- R6400v2 – 126.96.36.199
- R6700 – 188.8.131.52
- R6700v3 – 184.108.40.206
- R6900 – 220.127.116.11
- R6900P – 18.104.22.168
- R7000 – 22.214.171.124
- R7000P – 126.96.36.199
- R7850 – 188.8.131.52
- R7900 – 184.108.40.206
- R8000 – 220.127.116.11
- RS400 – 18.104.22.168
What Is CVE-2021-40847:
A remote code execution vulnerability with the CVSS score: 8.1. According to the report, the vulnerability is not a typical router vulnerability it exists in a third-party component that Netgear uses with its firmware Circle, one of the best tools which offers parental control features.
The Circle embedded in the firmware runs the daemon by default even the parental control features are not enabled on the routers. Since the code runs as root on the affected routers it gives a path to exploit.
What Are The implications of CVE-2021-40847?
This RCE vulnerability allows remote attackers to achieve a Man-in-the-Middle (MITM) attack by redirecting the router’s traffic if attackers have access to the network of the victim with a vulnerable device. This traffic redirection could lead to exploit remote code execution, traffic interception, and the compromised router could be used as part of other attack chains.
How Attackers Abuse CVE-2021-40847 To Enter Enterprise Network?
- At first, attackers will launch reconnaissance attacks to find information like ISP, device model, version information.
- The attacker then may do phishing based on the information gathered during the first reconnaissance attacks.
- Then the attacker will try to join the network of the victim and compromise the router.
- Attackers use the compromised routers as part of a other attack chains. Example they can use the routers to connect to the corporate network for further exploitation.
How To Fix CVE-2021-40847?
The fix to this flaw is simple. The vendor could fix this vulnerability with the release of a patch that can disable the vulnerable code when Circle is not in use. However, at the time of writing the blog, Netgear has released the patch and made it available to download for all affected routers. More information is available in this report. We recommend downloading the latest firmware for your device and upgrade its firmware to the latest version.
- Visit the NETGEAR Support portal.
- Type your model number in the search box, then select your model from the drop-down menu as soon as it appears.
- Click Downloads.
- Under Current Versions, select the first download whose title begins with Firmware Version.
- Click Release Notes.
- Follow the instructions written in the firmware release notes to download and install the new firmware.
Please follow these tips to secure your router:
- Create a strong and unique password:
- Enable network encryption:
- Filter the MAC addresses:
- Reducing the wireless signal range:
- Upgrade the router’s firmware:
- Make use of guest network:
This is how you can fix the CVE-2021-40847 vulnerability.