Critical Netgear Bug Impacts Flagship Nighthawk Router

Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.

Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk (R7800) hardware running firmware versions prior to 1.0.2.68. The warnings, posted Tuesday, also include two high-severity bugs impacting Nighthawk routers, 21 medium-severity flaws and one rated low.

The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company’s consumer Nighthawk X4S Smart Wi-Fi Router (R7800) first introduced in 2016 and still available today. Netgear is short on details tied to the vulnerability, only urging customers to visit its online support page to download a patch for the bug.

The same R7800 model router is also vulnerable to a high-severity post-authentication command injection flaw, tracked as PSV-2018-0352. In this case, the Nighthawk (R7800) router is vulnerable when running firmware prior to version 1.0.2.60.

The same high-severity command injection flaw (PSV-2018-0352) also exists in 29 other router models within the D6000, R6000, R7000, R8000, R9000 and XR500 family of Netgear hardware. Brands include 20 SKUs of the Wireless AC Router Nighthawk hardware, four of its Wireless AC Routers and four DSL Gateway AC devices.

Netgear is also mum on the technical specifics of how the command injection flaw manifests itself in the routers and gateway devices. Generally, a post-authentication command injection flaw can lead to a number of different attack scenarios including one that allows a hacker to completely compromise a device and gain root privileges.

On Tuesday, Netgear warned of a second high-severity post-authentication command injection flaw impacting five router models within the R6400, R6700, R6900 and R7900 SKUs and that are running specific vulnerable firmware. The security bulletin for the vulnerability is PSV-2019-0051. These model routers typically fall under Netgear’s consumer devices.

Netgear has a long history of patching command injection flaws dating back to 2013 and researched by Zach Cutlip. It was then that Cutlip found a similar vulnerability in Netgear’s WNDR3700v4 router that allowed for an attacker to take control of the hardware. More recently, in 2018 researchers at Fortinet discovered that Netgear R8000 model router also had a post-authentication command injection flaw tied to its CGI Handler.

Netgear is urging customers to visit its online support page and search by device model for the most recent firmware to update and patch their devices.

Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, “5G, the Olympics and Next-Gen Security Challenges,” as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. Register here.

Suggested articles