This week, proof-of-concept code was published showing how to remotely take over 79 different models of Netgear routers through a flaw in the embedded HTTP server used to manage the device.
Not all routers have patches available, but you are encouraged to update your router’s firmware if it is in the list below. Some of these routers go back to 2007, and some are past end of life by many years so patches may never be created.
More info, including affected firmware versions, will hopefully be posted by Netgear soon. Netgear was notified of this at the beginning of the year (2020) and had asked for extensions to the public disclosure, but the latest extension has expired, hence the disclosure going public. For now, checking for the latest firmware is the best path I know of, and checking again later this month and the next.
This was found by two independent security researchers at roughly the same time. Adam Nichols from GRIMM, a cybersecurity firm, says that 758 different firmware versions are affected, and I have included that listing as a text file.
Timeline:
01/08/20 – ZDI reported the vulnerability to the vendor
04/30/20 – ZDI contacted the vendor requesting a status update
05/01/20 – The vendor requested an extension until the end of June
05/05/20 – ZDI agreed on extension until June 15th
05/28/20 – ZDI requested a status update
05/29/20 – The vendor requested an extension until the end of June
05/29/20 – ZDI declined the request and notified the vendor the case would be published as 0-day on 06/15/20
A couple of reference articles:
https://www.zerodayinitiative.com/advisories/ZDI-20-712/
https://www.zdnet.com/article/unpatched-vulnerability-identified-in-79-netgear-router-models/
Affected routers according to the researchers:
AC1450
D6220
D6300
D6400
D7000v2
D8500
DC112A
DGN2200
DGN2200v4
DGN2200M
DGND3700
EX3700
EX3800
EX3920
EX6000
EX6100
EX6120
EX6130
EX6150
EX6200
EX6920
EX7000
LG2200D
MBM621
MBR624GU
MBR1200
MBR1515
MBR1516
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6250
R6300
R6300v2
R6400
R6400v2
R6700
R6700v3
R6900
R6900P
R7000
R7000P
R7100LG
R7300
R7850
R7900
R8000
R8300
R8500
RS400
WGR614v8
WGR614v9
WGR614v10
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3100RP
WN3500RP
WNCE3001
WNDR3300
WNDR3300v2
WNDR3400
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR834Bv2
WNR1000v3
WNR2000v2
WNR3500
WNR3500v2
WNR3500L
WNR3500Lv2
XR300
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706