Netgear has identified a high-risk remote code execution (RCE) vulnerability found in the Circle Parental Control service, which runs with root privileges on nearly a dozen modern Netgear Small Offices / Home Offices (SOHO) routers.
While one would expect that the attack vector exposed by the security flaw of the cycle (monitored as CVE-2021-40847) would be removed after the service crashes, the cyclic update daemon containing the error is enabled by default and can be used even if the service is disabled.
Successful exploitation of this vulnerability requires attackers to modify network traffic or intercept traffic while on the same network to gain RCE as root on the targeted router.
After gaining root access, the attacker can take full control of the network traffic passing through the compromised router, allowing encrypted data to be exchanged with other devices, including those in the victim's corporate network.
How to update your router firmware
In an advisory published Monday, Netgear urged customers to download the latest firmware for their devices as soon as possible.
The complete list of Netgear routers that are vulnerable to CVE-2021-40847 farms and firmware updates is provided below.
To download and install the latest firmware for your Netgear device, you must follow this procedure:
- Visit it NETGEAR Support.
- Start typing the model number in the search box, then select your model from the drop-down menu as soon as it appears. If you do not see a drop-down menu, make sure you enter your model number correctly or select a product category to search for your product model.
- Click Downloads.
- In Current Versions, select the first download whose title starts with the Firmware Version.
- Click Release Notes.
- Follow the instructions in the firmware release notes to download and install the new firmware.
Earlier this month, Netgear fixed three major security vulnerabilities named Demon Cries, Draconian Fear and Seventh Inferno, affecting more than a dozen smart switches, allowing threatening operators to bypass authentication and take over unchecked devices.
In June, Microsoft revealed significant firmware vulnerabilities found in some Netgear routers that could allow intruders to break into corporate networks after successful exploitation.
Last year, security researchers GRIMM and VNPT ISC independently discovered a zero-day error on 79 Netgear router models that allow intruders to remotely control vulnerable devices.
Source of information: bleepingcomputer.com