NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulnerable
My NETGEAR NIGHTHAWK model C7100V aka AC1900 Router-Modem is functioning now with my ISP Comcast / Xfinity. The current 'best' firmware NetGear lists is version 2.01.45, which has been around for more than a year. BUT A NEW CRITICAL VULNERABILITY catalogued as CVE-2021-40847 GRIMM researchers says many NetGear Routers must get a firmware ASAP due to "Circle software" that was built into existing firmware - designed for parental controls. " GRIMM showed that it wasn't hard to sneak malicious code into a Circle update and from there completely seize control of a router, which in turn would grant the attacker complete control of your home (or small office) internet traffic"
See report: https://www.tomsguide.com/news/netgear-router-circle-patches..
Netgear has issued on 9/20/21 a firmware update "R7000-V1.0.11.128_10.2.112.zip" but the model C7100V CAN NOT BE UPDATED BY ANY USER. ONLY MY ISP (COMCAST/XFINITY) CAN UPDATE MY FIRWARE. I contacted Comcast and they DNK anything about the vulnerability or any firmware update. I was instructed to contact NETGEAR .... which I am now doing.
1. Is my Router Modem C7100V vulnerable, and 2. If so, how can I get an updated safe firmware?
Please include COMCAST/XFINITY tech ... you have contacts ... to include them in any answers.
Thanks.
ForceTen Ok, this subject has come up before:
https://community.netgear.com/t5/Cable-Modems-Routers/New-C7100v-Comcast-Firmware/td-p/1942256
So clearly, Comcast do push out firmware updates when required, otherwise the user in the link above, wouldn't have had the update pushed to them.
The firmware you have mentioned, V2.01.45 does seem to be the only firmware update that has so far been pushed out.
How long have you had this modem cable router? Is it an ISP supplied piece of kit?
The other firmware you linked to, has nothing to do with your model of router/modem, it is for the R7000 AC1900 model.
Others have mentioned the C7100v before, just use the search function:
My personal advice, if you're worried enough about security/firmware and this model of router isn't making you feel comfortable, if it's an ISP supplied router, ask them if they'll take it back or swap it for a newer version, or buy a different model replacement, but make sure you know first what your'e purchasing and that it's compatible for your ISP setup.
3 Replies
ForceTen Ok, this subject has come up before:
https://community.netgear.com/t5/Cable-Modems-Routers/New-C7100v-Comcast-Firmware/td-p/1942256
So clearly, Comcast do push out firmware updates when required, otherwise the user in the link above, wouldn't have had the update pushed to them.
The firmware you have mentioned, V2.01.45 does seem to be the only firmware update that has so far been pushed out.
How long have you had this modem cable router? Is it an ISP supplied piece of kit?
The other firmware you linked to, has nothing to do with your model of router/modem, it is for the R7000 AC1900 model.
Others have mentioned the C7100v before, just use the search function:
My personal advice, if you're worried enough about security/firmware and this model of router isn't making you feel comfortable, if it's an ISP supplied router, ask them if they'll take it back or swap it for a newer version, or buy a different model replacement, but make sure you know first what your'e purchasing and that it's compatible for your ISP setup.
Thank you, Portwey84 --
Hmm ... I purchased this device, described officially as "Nighthawk - AC1900 WiFi Cable Modem Router for Xfinity Internet & Voice" aka C7100V in 2018 as it was highly rated by COMCAST then, and continues now to be recommended: https://approvedmodemlist.com/comcast-xfinity-approved-modems/.
The problem is TWO DIFFERENT NETGEAR devices are both named "AC1900" by Comcast. My C7100V and also the listed-vulnerable model R7000 are BOTH called "AC1900" by Comcast. --- Damn Comcast for sloppy model naming!
TomsGuide reports here: https://www.tomsguide.com/news/netgear-router-circle-patches the "AC1900" aka R7000 is vulnerable to "CVE-2021-40847" but TomsGuide doesn't list the "AC1900" aka C7100V as also vulnerable.
And NETGEAR doesn't expressly mention C7100V in this list of affected modems:
https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-2021-0204SO: My C7100V is working flawlessly right now. Until NETGEAR flat out tells me this model needs a firmware update, and/or it breaks, I'll just take my chances and continue to use it. I can't trust COMCAST too much .... they seem focused on pushing their own rental devices and not supporting privately owned (better) devices.
Thanks again!
Please be sure to visit and post about any C7100 modem information in the cable modem forum:
https://community.netgear.com/t5/Cable-Modems-Routers/bd-p/home-cable-modems-routers
Thank you.
