NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Netgear routers are at risk of getting hacked: What to do
Netgear this week has pushed out a passel of patches for its home networking gear, covering seven modem-router gateways, one range extender and 40-odd routers, including some Nighthawk models and Orbi mesh routers and satellites.
A full list of the affected models is at the end of this story.
The worst of the flaws lets hackers remotely install malware on the Nighthawk X4S gaming router, model R7800. That could lead to the entire Wi-Fi network and all web traffic that runs through it being compromised. Netgear gives that vulnerability a severity score of 9.4/10, which qualifies as "critical."
List of all Netgear home networking devices that need to install the March 2020 firmware updates
Modem/routers:
D6200, D6220, D6400, D7000, D7000v2, D7800, D8500
Range extenders:
PR2000
Routers:
JR6150, R6120, R6220, R6230, R6250, R6260, R6400, R6400v2, R6700, R6700v2, R6700v3, R6800, R6900, R6900P, R6900v2, R7000, R7000P, R7100LG, R7300DST, R7500v2, R7800, R7900, R7900P, R8000, R8000P, R8300, R8500, R8900, R9000, RAX120, RBR20 (Orbi), RBS20 (Orbi), RBK20 (Orbi), RBR40 (Orbi), RBS40 (Orbi), RBK40 (Orbi), RBR50 (Orbi), RBS50 (Orbi), RBK50 (Orbi), XR500, XR700
More information: https://www.tomsguide.com/news/netgear-security-firmware-patches
14 Replies
"What to do?" is indeed the question. Having both the R7000 and RBR50, I went immediately to the Netgear support pages:
Most recent firmware for R7000 - page was updated Aug, 2019
Most recent firmware for RBR50 - page was updated Dec 2019
No sign of "March 2020 Updates". "Has pushed out" oh, sure.
NG can't even fix their SSL cert that expired last August, that gives me little confidence they have a fix for this, as no March 2020 updates are available on their site yet.
From the Threatpost.com website three days ago:
Netgear is urging customers to visit its online support page and search by device model for the most recent firmware to update and patch their devices.
OK Netgear, where are you hiding the updates?
Be sure to click on the link for each vulnerability in the Tom's article and read the specifics.
For example, for my R7000, only one of the four effects my R7000:
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
https://kb.netgear.com/000061760/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-Routers-and-Gateways-PSV-2018-0352
which says:
R7000, running firmware versions prior to 1.0.9.42I am running the latest firmware which is V1.0.9.88_10.2.88. So these alerts do not apply to me and my R7000. Ho hum, big nothing burger for me.
But if you have a model and firmware level that is impacted, it is a big deal...but look at the specifics before asking "where is the new firmware".
My process with these things is:
- Follow each link in the article to find the Netgear KB article describing the vulnerability
- Check for my model number and the firmware level that is vulnerable
- Look at my current firmware version on my router. If I am patched past that firmware, this does not effect me
I agree entirely with this analysis, and did the same thing. My frustration is with the Netgear "Chicken Little" press release. "Vulnerable! Vulnerable! Must upgrade to the March, 2020 security update."
So with regards to the Orbi's it lists:
- RBR20, running firmware versions prior to 2.3.5.26
- RBS20, running firmware versions prior to 2.3.5.26
- RBK20, running firmware versions prior to 2.3.5.26
- RBR40, running firmware versions prior to 2.3.5.30
- RBS40, running firmware versions prior to 2.3.5.30
- RBK40, running firmware versions prior to 2.3.5.30
- RBR50, running firmware versions prior to 2.3.5.30
- RBS50, running firmware versions prior to 2.3.5.30
- RBK50, running firmware versions prior to 2.3.5.30
So it appears then that if you have 2.3.5.30 or higher, like 2.5.1.8 you should be good.
Does these vulnerabilites affect Netgear routers that have been flashed with custom firmware like Advanced Tomato?
