Do you have a Netgear router? I do, and like yours, mine probably needs to be fixed right away.
This is because the enterprising folks at DC-area security firm Grimm have found another very serious Netgear flaw, as detailed in a report yesterday (Nov 16). This comes relatively soon after Netgear’s previous batch of security updates in September of this year.
This time, more than 40 different models of Netgear routers, range extenders, and a couple of other devices, from models nearly a decade old to brand-new models on our list of the best Wi-Fi routers, need firmware updates installed to protect against complete takeover by hackers.
Unfortunately, almost 40 other Netgear models may or may not receive updates, as some of them are already too old to receive any kind of support.
We have a list of all affected models at the end of this story. In total, we are looking at around 80 different models of Wi-Fi routers, Wi-Fi range extenders, DSL gateways, and other devices. The number of individual units affected must be at least several hundred thousand, and may be as many as a few million.
How to update the firmware of your Netgear router
The newer your Netgear router is, the easier it will be to update the firmware. Netgear’s Orbi mesh routers generally update themselves, and they also have a companion smartphone app that you can use to check for and install updates.
Netgear’s Nighthawk routers also have a companion app, although its use is optional for at least some models, as is the auto-update setting. With some Nighthawks, it is generally better to go to the administrative interface (try “http://192.168.1.1/admin” or “routerlogin.net” while connected to your home network) and check the “Advanced” section for firmware updates. From there, you should be able to start the update sequence.
If the above methods do not work with your Netgear router, then you need to go to Netgear support at https://www.netgear.com/support/ and type the model number of your router in the search box at the top of the page. (Here are more instructions on how to update your router’s firmware.)
However, the model number may not be obvious. Some routers come with their brand and specs proudly listed on the box, such as “Nighthawk AXE11000 Tri-Band WiFi 6E”. But that’s not the name of the model, which is actually “RAXE500”. (That’s the router in the photo at the top of this story, and it needs to be patched.)
Look for a label on the router that shows the model number; it can be on the side or on the bottom. To further complicate matters, Netgear will sometimes change a router’s internal circuitry during the production life, so you may see a “v2” or “v3” appended to the model number.
Once you have the model number, the search function on the Netgear support site should take you to the support page for that model. Scroll down the page to find “Firmware & Software Downloads” and click on it.
You will then see a button that will allow you to download the firmware update to your PC or Mac. Do that, but don’t forget to click on the Release Notes link below it, which leads to a page with a link to a downloadable version of your router’s user manual. The manual will show you how to install the firmware update. The firmware update itself may come with its own instructions.
So what is this Netgear flaw that is being fixed?
The fatal flaw in all of these models involves a stack overflow in the Universal Plug and Play component of the router firmware. Universal Plug and Play, or UPnP for short, is a protocol that allows new devices, such as game consoles or printers, to connect to routers without much of a problem.
It turns out that a character limit in a function of the UPnP protocol on all these Netgear routers allows an attacker on the local network, that is, one already connected to your router as a regular user, to send a malicious command to the router that overrides the router’s internal safeguards and gives the attacker full control of the router without any authorization.
Once this is done, the attacker can see just about anything you do online and can also send you to malicious websites or break into more devices on your network.
You may think that keeping intruders out of your network is enough to prevent such an attack, but it is not that difficult to crack a network access password or to introduce malicious software onto a poorly protected device, such as an outdated computer or smart-home device.
Suffice it to say that you want to install the Netgear firmware update on your router tout de suite, if you can.
Netgear routers with available firmware patches
Here is a list, copied from the Netgear website, of the models that have firmware updates or “hot fixes” available to fix this flaw, along with the most recent firmware version that they should be updated to.
- R6400 fixed in firmware version 126.96.36.199
- R6400v2 fixed in firmware version 188.8.131.52
- R6700v3 fixed in firmware version 184.108.40.206
- R6900P fixed in firmware version 220.127.116.11_HOTFIX
- R7000 fixed in firmware version 18.104.22.168
- R7000P fixed in firmware version 22.214.171.124_HOTFIX
- R7100LG fixed in firmware version 126.96.36.199
- R7850 fixed in firmware version 188.8.131.52
- R7900P fixed in firmware version 184.108.40.206
- R7960P fixed in firmware version 220.127.116.11
- R8000 fixed in firmware version 18.104.22.168
- R8000P fixed in firmware version 22.214.171.124
- R8300 fixed in firmware version 126.96.36.199
- R8500 fixed in firmware version 188.8.131.52
- RAX15 fixed in firmware version 184.108.40.206
- RAX20 fixed in firmware version 220.127.116.11
- RAX200 fixed in firmware version 18.104.22.168
- RAX35v2 fixed in firmware version 22.214.171.124
- RAX38v2 fixed in firmware version 126.96.36.199
- RAX40v2 fixed in firmware version 188.8.131.52
- RAX42 fixed in firmware version 184.108.40.206
- RAX43 fixed in firmware version 220.127.116.11
- RAX45 fixed in firmware version 18.104.22.168
- RAX48 fixed in firmware version 22.214.171.124
- RAX50 fixed in firmware version 126.96.36.199
- RAX50S fixed in firmware version 188.8.131.52
- RAX75 fixed in firmware version 184.108.40.206
- RAX80 fixed in firmware version 220.127.116.11
- RAXE450 fixed in firmware version 18.104.22.168
- RAXE500 fixed in firmware version 22.214.171.124
- RS400 fixed in firmware version 126.96.36.199
- WNDR3400v3 fixed in firmware version 188.8.131.52
- WNR3500Lv2 fixed in firmware version 184.108.40.206
- XR300 fixed in firmware version 220.127.116.11
DSL modem routers:
- D6220 fixed in firmware version 18.104.22.168
- D6400 fixed in firmware version 22.214.171.124
- D7000v2 fixed in firmware version 126.96.36.199
- DGN2200v4 fixed in firmware version 188.8.131.52
- EX3700 fixed in firmware version 184.108.40.206
- EX3800 fixed in firmware version 220.127.116.11
- EX6120 fixed in firmware version 18.104.22.168
- EX6130 fixed in firmware version 22.214.171.124
- DC112A fixed in firmware version 126.96.36.199
- CAX80 fixed in firmware version 188.8.131.52
Netgear models that may or may not receive a firmware update
Here is a list of Netgear models that the Grimm team determined were vulnerable to these attacks, but which Netgear has not specifically listed as patched for this flaw. The firmware version numbers listed below ARE vulnerable, according to Grimm.
Unfortunately, there are models that Netgear lists as patched that are not on Grimm’s list. And there are models listed below that are not supposed to receive patches, yet they have received some sort of security patches in the last few months that pushed their firmware versions beyond the vulnerable ones listed below.
To further complicate matters, there are six models that Grimm says are not vulnerable because previous firmware updates “broke” UPnP. Four of them, D6220, D6400, R6400, and R7000, obtained patches from Netgear to correct this latest flaw. Two others, D8500 and R6300v2, did not and the only firmware updates available are the vulnerable ones listed below.
The best thing to do, if you have one of the models listed below, is to follow the procedures above to check for a firmware update available on the Netgear support site.
If the available firmware update has a later version number than the one shown below, it may include a patch for this flaw, especially if the release note for the update is dated within the last few months. Go ahead and install the update.
But if the version number of the available firmware update matches the firmware number shown below, and the release note date is more than a few months old, then it might be time to purchase a new router.
- AC1450 – 184.108.40.206
- D6300 – 220.127.116.11
- D8500 – 18.104.22.168
- DGN2200M – 22.214.171.124
- DGND3700v1 – 126.96.36.199
- EX3920 – 188.8.131.52
- EX6000 – 184.108.40.206
- EX6100 – 220.127.116.11
- EX6150 – 18.104.22.168
- EX6920 – 22.214.171.124
- EX7000 – 126.96.36.199
- MVBR1210C – 188.8.131.52BM
- R4500 – 184.108.40.206
- R6200 – 220.127.116.11
- R6200v2 – 18.104.22.168
- R6250 – 22.214.171.124
- R6300 – 126.96.36.199
- R6300v2 – 188.8.131.52
- R6700 – 184.108.40.206
- R6900 – 220.127.116.11
- R7300DST – 18.104.22.168
- R7900 – 22.214.171.124
- WGR614v9 – 1.2.32
- WGT624v4 – 2.0.13
- WNDR3300v1 – 1.0.45
- WNDR3300v2 – 126.96.36.199
- WNDR3400v1 – 188.8.131.52
- WNDR3400v2 – 184.108.40.206
- WNDR3700v3 – 220.127.116.11
- WNDR4000 – 18.104.22.168
- WNDR4500 – 22.214.171.124
- WNDR4500v2 – 126.96.36.199
- WNR834Bv2 – 2.1.13
- WNR1000v3 – 188.8.131.52
- WNR2000v2 – 184.108.40.206
- WNR3500 – 1.0.36NA
- WNR3500v2 – 220.127.116.11NA
- WNR3500L – 18.104.22.168NA
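The decision rule described above for models without a confirmed patch can be applied across an inventory with a short script. This is an added example, not code from the article, Grimm or Netgear; the model names, versions and dates are constructed, and the 120-day reading of "the last few months" is an assumption.

```python
import re
from datetime import date

RECENT_DAYS = 120  # assumption: the article only says "the last few months"

def parse_version(text):
    """Split a version such as '1.0.2.30_HOTFIX', 'V1.2' or '1.0.36NA' into
    (numeric tuple, hotfix flag); region suffixes like NA or BM are ignored."""
    match = re.match(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, "HOTFIX" in text.upper()

def compare_versions(a, b):
    """Return -1, 0 or 1. Fields compare numerically (1.0.10 > 1.0.9), short
    versions are zero-padded, and a hotfix outranks the same base build."""
    (na, ha), (nb, hb) = parse_version(a), parse_version(b)
    width = max(len(na), len(nb))
    ka = na + (0,) * (width - len(na)) + (int(ha),)
    kb = nb + (0,) * (width - len(nb)) + (int(hb),)
    return (ka > kb) - (ka < kb)

def triage(known_vulnerable, available, release_date, today):
    """Classify the newest firmware offered on the support site for one model."""
    newer = compare_versions(available, known_vulnerable) > 0
    recent = (today - release_date).days <= RECENT_DAYS
    if newer and recent:
        return "install"              # later build, recent release note
    if newer:
        return "install-unconfirmed"  # later build, but it may predate the fix
    return "replace"                  # nothing newer than the vulnerable build

if __name__ == "__main__":
    today = date(2021, 11, 17)  # constructed "today" for the sample run
    # Constructed inventory: (model, vulnerable build, newest available, release date)
    samples = [
        ("MODEL-A", "1.0.4.98", "1.0.4.120", date(2021, 10, 20)),
        ("MODEL-B", "1.0.4.98", "1.0.5.2", date(2020, 1, 1)),
        ("MODEL-C", "1.0.36NA", "1.0.36", date(2019, 3, 1)),
    ]
    for model, vulnerable, available, released in samples:
        print(model, triage(vulnerable, available, released, today))
```

Comparing the dotted fields as integers matters here, because a plain string comparison would rank 1.0.9 above 1.0.10 and misclassify a newer build as unpatched.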