Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulnerable

ForceTen
Aspirant
Aspirant
‎2021-09-23 01:32 PM
‎2021-09-23 01:32 PM

Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulnerable

My NETGEAR NIGHTHAWK model C7100V aka AC1900 Router-Modem is functioning now with my ISP Comcast / Xfinity.  The current 'best' firmware NetGear lists is version 2.01.45, which has been around for more than a year.  BUT A NEW CRITICAL VULNERABILITY catalogued as CVE-2021-40847 GRIMM researchers says many NetGear Routers must get a firmware ASAP due to "Circle software" that was built into existing firmware - designed for parental controls.  " GRIMM showed that it wasn't hard to sneak malicious code into a Circle update and from there completely seize control of a router, which in turn would grant the attacker complete control of your home (or small office) internet traffic" 

See report: https://www.tomsguide.com/news/netgear-router-circle-patches..

Netgear has issued on 9/20/21 a firmware update "R7000-V1.0.11.128_10.2.112.zip" but the model C7100V CAN NOT BE UPDATED BY ANY USER. ONLY MY ISP (COMCAST/XFINITY) CAN UPDATE MY FIRWARE. I contacted Comcast and they DNK anything about the vulnerability or any firmware update. I was instructed to contact NETGEAR .... which I am now doing.

1. Is my Router Modem C7100V vulnerable, and 2. If so, how can I get an updated safe firmware?
Please include COMCAST/XFINITY tech ... you have contacts ... to include them in any answers.
Thanks.

Model: A7000|Nighthawk AC1900 WiFi USB Adapter - USB 3.0
Message 1 of 4
0 Kudos
Reply

Accepted Solutions
Portwey84
Virtuoso
Virtuoso
‎2021-09-24 01:32 AM
‎2021-09-24 01:32 AM

Re: Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulner

@ForceTen  Ok, this subject has come up before:

 

https://community.netgear.com/t5/Cable-Modems-Routers/New-C7100v-Comcast-Firmware/td-p/1942256

 

So clearly, Comcast do push out firmware updates when required, otherwise the user in the link above, wouldn't have had the update pushed to them.

 

The firmware you have mentioned, V2.01.45 does seem to be the only firmware update that has so far been pushed out.

 

How long have you had this modem cable router? Is it an ISP supplied piece of kit?

 

The other firmware you linked to, has nothing to do with your model of router/modem, it is for the R7000 AC1900 model.

 

Others have mentioned the C7100v before, just use the search function:

 

https://community.netgear.com/t5/Cable-Modems-Routers/C7100V-What-s-this-crap-about-having-to-get-fi...

 

My personal advice, if you're worried enough about security/firmware and this model of router isn't making you feel comfortable, if it's an ISP supplied router, ask them if they'll take it back or swap it for a newer version, or buy a different model replacement, but make sure you know first what your'e purchasing and that it's compatible for your ISP setup.

View solution in original post

Model: C7100V|Nighthawk AC1900 WiFi Cable Modem Router
Message 2 of 4
Reply

All Replies
Portwey84
Virtuoso
Virtuoso
‎2021-09-24 01:32 AM
‎2021-09-24 01:32 AM

Re: Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulner

@ForceTen  Ok, this subject has come up before:

 

https://community.netgear.com/t5/Cable-Modems-Routers/New-C7100v-Comcast-Firmware/td-p/1942256

 

So clearly, Comcast do push out firmware updates when required, otherwise the user in the link above, wouldn't have had the update pushed to them.

 

The firmware you have mentioned, V2.01.45 does seem to be the only firmware update that has so far been pushed out.

 

How long have you had this modem cable router? Is it an ISP supplied piece of kit?

 

The other firmware you linked to, has nothing to do with your model of router/modem, it is for the R7000 AC1900 model.

 

Others have mentioned the C7100v before, just use the search function:

 

https://community.netgear.com/t5/Cable-Modems-Routers/C7100V-What-s-this-crap-about-having-to-get-fi...

 

My personal advice, if you're worried enough about security/firmware and this model of router isn't making you feel comfortable, if it's an ISP supplied router, ask them if they'll take it back or swap it for a newer version, or buy a different model replacement, but make sure you know first what your'e purchasing and that it's compatible for your ISP setup.

Model: C7100V|Nighthawk AC1900 WiFi Cable Modem Router
Message 2 of 4
Reply
ForceTen
Aspirant
Aspirant
‎2021-09-24 09:17 AM
‎2021-09-24 09:17 AM

Re: Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulner

Thank you, Portwey84 --

 

Hmm ... I purchased this device, described officially as "Nighthawk - AC1900 WiFi Cable Modem Router for Xfinity Internet & Voice" aka C7100V in 2018 as it was highly rated by COMCAST then, and continues now to be recommended: https://approvedmodemlist.com/comcast-xfinity-approved-modems/.

 

The problem is TWO DIFFERENT NETGEAR devices are both named "AC1900" by Comcast. My C7100V and also the listed-vulnerable model R7000 are BOTH called "AC1900" by Comcast.  ---  Damn Comcast for sloppy model naming!

 

TomsGuide reports here: https://www.tomsguide.com/news/netgear-router-circle-patches the "AC1900" aka R7000 is vulnerable to "CVE-2021-40847" but TomsGuide doesn't list the "AC1900" aka C7100V as also vulnerable.

 

And NETGEAR doesn't expressly mention C7100V in this list of affected modems:
https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-202...

 

SO: My C7100V is working flawlessly right now. Until NETGEAR flat out tells me this model needs a firmware update, and/or it breaks, I'll just take my chances and continue to use it. I can't trust COMCAST too much .... they seem focused on pushing their own rental devices and not supporting privately owned (better) devices.

 

Thanks again!

Model: C7100V|Nighthawk AC1900 WiFi Cable Modem Router
Message 3 of 4
0 Kudos
Reply
FURRYe38
Guru Guru
Guru
‎2021-09-24 09:42 AM
‎2021-09-24 09:42 AM

Re: Netgear issued firmware on 9-20-2021 to patch vulnerability CVE-2021-40847. Is my C7100V vulner

Please be sure to visit and post about any C7100 modem information in the cable modem forum:

https://community.netgear.com/t5/Cable-Modems-Routers/bd-p/home-cable-modems-routers

 

Thank you. 

My Setup ISP SparkLight | Internet Cable 1000↓/50↑ CAX80 Modem Mode  | Wifi Router RAXE500 and RBKE963; Router mode | Switches NG GS105/8, GS308v3, GS110MX and XS505M | Additional NG HW: C7800/CAX30/CAX80/CM1100/CM1200/CM2000, Orbi: CBK40, CBK752, RBK50, RBK853, RBK752, RBK953, SXK30 | NightHawk: MK63, R7000, R7800, R7960P, R8000, RAXE500, RAX120v2, RAX50v2, XR450/500/700/1000, EX7500/EX7700

Message 4 of 4
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 3 replies
  • ‎2021-09-23 01:32 PM
  • 1524 views
  • 1 kudo
  • 3 in conversation
Announcements

Orbi WiFi 7