What security flaws have been found?
The security flaws found in NETGEAR WiFi Mesh and routers are rated critical, scoring more than 9 out of 10, indicating the severity of these discovered vulnerabilities.
The first vulnerability discovered in a large number of models is the possibility of injecting commands before authentication in some WiFi Mesh systems from the manufacturer, that is, in NETGEAR Orbi, arbitrary commands could be injected before authenticating, which indicates the severity of this ruling. It has also been discovered that there is an authentication bypass in some routers and WiFi Mesh systems, so in this case it will not even ask for authentication on the manufacturer’s equipment. The NETGEAR XR1000 model is one of the manufacturer’s top-of-the-range gaming routers, this model suffers from two very serious security flaws:
- Command injection
- Disclosure of sensitive information
Finally, it has also been discovered that the keys have been saved in clear text in some models of WiFi Mesh systems, that is, they have keys saved by default, which leads to a serious security breach that should never occur.
Routers and WiFi Mesh Affected
NETGEAR has suffered these vulnerabilities on a large number of high-end routers, both with WiFi 5 and WiFi 6. Vulnerable NETGEAR neutral routers are as follows:
Regarding the WiFi Mesh systems affected, below you can see the complete list:
Mesh WiFi systems with DOCSIS cable entry are also affected, the models are the CBR40 and the CBR750, in addition, the ADSL router D7000v2 is also affected, as well as the 4G LTE LAX20 router, therefore, a large number of NETGEAR devices are affected.
Where can I download the new firmware?
Most NETGEAR routers and WiFi Mesh have the ability to download the firmware directly to the device from the Internet, thanks to this, we will not have to download the firmware manually and later update our equipment. However, it is highly recommended to verify that the latest version that appears on the router is the latest version that we have officially on the manufacturer’s website.
In the NETGEAR official support website You have to indicate the model of your device, either router or WiFi Mesh system, and you will automatically see what the latest firmware versions are, you will have to download the firmware and then upload it via the web in the “Upgrade firmware” section to update router firmwareOnce done, no configuration made will be lost, although if you haven’t done a firmware update for a long time, our recommendation is to do a factory reset so as not to have any kind of problem.
We recommend that you update your router as soon as possible to avoid possible security problems in your network. In recent times, the manufacturer NETGEAR has sent security notices in a large number of models, although it updates them quite regularly, it is worrying that they have to fix so many security flaws in all their models, with other manufacturers this does not happen in a way so disturbing.