Netgear’s Nighthawk R6700 v3, the popular router used mostly by gaming-focused users, is infested with six critical vulnerabilities.
These were discovered by Tenable researchers, who spotted them in September this year and reported them to Netgear so they could be patched. While the vendor hasn’t released any update yet, researchers warn concerned users to be vigilant about hacks and follow strong security protocols until a patch is available.
Bugs in Popular Netgear Router
Netgear is a popular network device maker, and its Nighthawk sub-brand is widely used by gamers worldwide. Given that popularity, it isn’t reasonable for Netgear to leave the router exposed to critical vulnerabilities, even after they were reported responsibly.
So, the Tenable researchers, who discovered six critical vulnerabilities in Netgear’s Nighthawk R6700 v3 router on September 30th this year, are now disclosing the details of their findings after the responsible disclosure period ended.
According to them, the six critical vulnerabilities in the Nighthawk R6700 v3 running firmware version 188.8.131.52 are:
CVE-2021-20173: A post-authentication command injection flaw in the update functionality of the device.
CVE-2021-20174: HTTP is used by default on all communications of the device’s web interface, risking username and password interception in cleartext form.
CVE-2021-20175: SOAP Interface (port 5000) uses HTTP to communicate by default, risking username and password interception in cleartext form.
CVE-2021-23147: Command execution as root without authentication via a UART port connection. Exploiting this flaw requires physical access to the device.
CVE-2021-45732: Configuration manipulation via hardcoded encryption routines, allowing the changing of settings that are locked for reasons of security.
CVE-2021-45077: All usernames and passwords for the device’s services are stored in plaintext form in the configuration file.
These vulnerabilities are found in Nighthawk’s R6700 v3 model, which is the only version currently supported by Netgear. So any routers below this version (v2 or v3) should immediately be replaced with newer versions to avoid being hacked. As for the v3 variant, users should wait for Netgear to release a patch to secure the router.