


Millions of Netgear routers need security updates right away — what you need to do


Netgear Nighthawk RAXE500 review
(Image credit: Netgear)

Got a Netgear router? I do, and like yours, mine probably needs to be patched right away.

That's because the enterprising folks at D.C.-area security firm Grimm have found yet another very serious Netgear flaw, as detailed in a report Nov. 16. This comes (relatively) hot on the heels of the previous bunch of Netgear security updates back in September of this year.

This time around, Netgear lists more than 40 different models of routers, range extenders and a couple of other devices, from models almost a decade old to brand-new models on our list of the best Wi-Fi routers, that need to install firmware updates to protect themselves from full hacker takeover.

Unfortunately, nearly 40 other Netgear models may not get any updates, as many of them are already too old to get any further support.

We've got a list of all the affected models at the end of this story. All together, we're looking at about 80 different models of Wi-Fi routers, Wi-Fi range extenders, DSL gateways and other devices. The number of affected individual units has to be at least several hundred thousand, and may be in the low millions.

How to update your Netgear router's firmware

The newer your Netgear router is, the easier it is to update the firmware. Netgear's Orbi mesh routers generally update themselves, and they also have a companion smartphone app that you can use to check for and to install updates.

Netgear's Nighthawk routers also have a companion app, although using it is optional for at least some models, as is the automatic-update setting. With some Nighthawks, it's generally best to go into the administrative interface (try "http://192.168.1.1/admin" or "routerlogin.net" while connected to your home network) and check the "Advanced" section for firmware updates. From there, you should be able to launch the update sequence.

If the above methods don't work with your Netgear router, then you need to go to Netgear support at https://www.netgear.com/support/ and type in the model number of your router in the search field at the top of the page. (We've got more instructions here on how to update your router's firmware.)

However, the model number may not be obvious. Some routers come with their branding and specifications proudly listed on the box, such as "Nighthawk AXE11000 Tri-Band WiFi 6E." But that's not the model name, which is actually "RAXE500." (That's the router in the photo at the top of this story, and it does need to be patched.)

Look for a sticker on the router itself displaying the model number — it may be on the side or on the bottom. To further complicate things, Netgear sometimes changes the inner circuits of a router while leaving the outside the same during the production lifespan, so you may see a "v2" or "v3" appended to the model number.

Once you have the model number, the search function on the Netgear support site should take you to that model's support page. Scroll down the page to find "Firmware and Software Downloads" and click it.

You'll then see a button that will let you download the firmware update to your PC or Mac. Do that, but don't forget to click the Release Notes link just below it, which in turn will lead you to a link that leads to a downloadable version of your router's user manual, which will show you how to install the firmware update. The firmware update itself may come with its own instructions.

So what is this Netgear flaw that's being fixed?

The fatal flaw in all of these models involves a stack-overflow vulnerability in the Universal Plug and Play component of the router firmware. The flaw is catalogued as CVE-2021-34991 and is listed as applying to just one specific router with a specific firmware version, which got an update on Sept. 16. But the problem is much more widespread than that.

Universal Plug and Play, or UPnP for short, is a protocol that lets new devices, such as gaming consoles or printers, connect to routers without a lot of fuss. It turns out that a character limit in one function of the UPnP protocol on these Netgear routers permits an attacker on the local network — i.e., already connected to your router as a regular user — to send a malicious command to the router that overrides the router's internal safeguards and hands over total control of the router without any kind of authorization.

Once that's done, the attacker can pretty much see anything you do online, and can also send you to malicious websites or break into more devices on your network.

You may think that it's enough to just keep intruders out of your network to prevent such an attack, but it's not that hard to crack a Wi-Fi network access password or to sneak malicious software onto a poorly secured device, such as an out-of-date computer or a smart-home device.

Suffice it to say that you want to install the Netgear firmware update on your router tout suite — if you can.

Netgear routers with firmware patches available

Here's a list, copied from the Netgear website, of the models that have firmware updates or "hot fixes" available to fix this flaw, along with the most recent firmware version that they should be updated to.

Routers:

  •     R6400 fixed in firmware version 1.0.1.76
  •     R6400v2 fixed in firmware version 1.0.4.120
  •     R6700v3 fixed in firmware version 1.0.4.120
  •     R6900P fixed in firmware version 1.3.3.142_HOTFIX
  •     R7000 fixed in firmware version 1.0.11.128
  •     R7000P fixed in firmware version 1.3.3.142_HOTFIX
  •     R7100LG fixed in firmware version 1.0.0.72
  •     R7850 fixed in firmware version 1.0.5.76
  •     R7900P fixed in firmware version 1.4.2.84
  •     R7960P fixed in firmware version 1.4.2.84
  •     R8000 fixed in firmware version 1.0.4.76
  •     R8000P fixed in firmware version 1.4.2.84
  •     R8300 fixed in firmware version 1.0.2.156
  •     R8500 fixed in firmware version 1.0.2.156
  •     RAX15 fixed in firmware version 1.0.4.100
  •     RAX20 fixed in firmware version 1.0.4.100
  •     RAX200 fixed in firmware version 1.0.5.132
  •     RAX35v2 fixed in firmware version 1.0.4.100
  •     RAX38v2 fixed in firmware version 1.0.4.100
  •     RAX40v2 fixed in firmware version 1.0.4.100
  •     RAX42 fixed in firmware version 1.0.4.100
  •     RAX43 fixed in firmware version 1.0.4.100
  •     RAX45 fixed in firmware version 1.0.4.100
  •     RAX48 fixed in firmware version 1.0.4.100
  •     RAX50 fixed in firmware version 1.0.4.100
  •     RAX50S fixed in firmware version 1.0.4.100
  •     RAX75 fixed in firmware version 1.0.5.132
  •     RAX80 fixed in firmware version 1.0.5.132
  •     RAXE450 fixed in firmware version 1.0.8.70
  •     RAXE500 fixed in firmware version 1.0.8.70
  •     RS400 fixed in firmware version 1.5.1.80
  •     WNDR3400v3 fixed in firmware version 1.0.1.42
  •     WNR3500Lv2 fixed in firmware version 1.2.0.70
  •     XR300 fixed in firmware version 1.0.3.68

DSL Modem Routers:

  •     D6220 fixed in firmware version 1.0.0.76
  •     D6400 fixed in firmware version 1.0.0.108
  •     D7000v2 fixed in firmware version 1.0.0.76
  •     DGN2200v4 fixed in firmware version 1.0.0.126

Wi-Fi extenders:

  •     EX3700 fixed in firmware version 1.0.0.94
  •     EX3800 fixed in firmware version 1.0.0.94
  •     EX6120 fixed in firmware version 1.0.0.66
  •     EX6130 fixed in firmware version 1.0.0.66

AirCards:

  •     DC112A fixed in firmware version 1.0.0.62

Cable Modems:

  •     CAX80 fixed in firmware version 2.1.3.5

Netgear models that may or may not get a firmware update

Here's a list of Netgear models that the Grimm team determined were vulnerable to these attacks, but which Netgear hasn't specifically listed as getting patches for this flaw. The firmware version numbers listed below ARE vulnerable, according to Grimm.

Unfortunately, there are models on Netgear's list of patches that aren't on Grimm's list of vulnerable devices. And there are models on Grimm's list that aren't on Netgear's list, yet have received security patches in the last few months that pushed the firmware versions beyond the vulnerable ones listed below, so they may actually have available patches for this flaw.

To complicate things further, there are six models that Grimm says are not vulnerable because past firmware updates "broke" UPnP for them. Four of those — D6220, D6400, R6400 and R7000 — are on Netgear's list of patched models. Two others, D8500 and R6300v2, are not, and the only available firmware updates for them are the vulnerable ones listed below.

The best thing to do, if you have one of the models listed below, is to follow the procedures above about checking to see if a firmware update is available for your model on the Netgear support site.

If the available firmware update has a version number later than what's below, then you may be getting a patch for the above flaw, especially if the release note for the flaw has a date in the past few months. Go ahead and install the update.

But if the version number of the available firmware update matches the firmware number below, and the release-note date is more than a few months old, then it might be time to get a new router.

  • AC1450 - 1.0.0.36
  • D6300 - 1.0.0.102
  • D8500 - 1.0.3.60
  • DGN2200M - 1.0.0.35
  • DGND3700v1 - 1.0.0.17
  • EX3920 - 1.0.0.88
  • EX6000 - 1.0.0.44
  • EX6100 - 1.0.2.28
  • EX6150 - 1.0.0.46
  • EX6920 - 1.0.0.54
  • EX7000 - 1.0.1.94
  • MVBR1210C - 1.2.0.35BM
  • R4500 - 1.0.0.4
  • R6200 - 1.0.1.58
  • R6200v2 - 1.0.3.12
  • R6250 - 1.0.4.48
  • R6300 - 1.0.2.80
  • R6300v2 - 1.0.4.52
  • R6700 - 1.0.2.16
  • R6900 - 1.0.2.16
  • R7300DST - 1.0.0.74
  • R7900 - 1.0.4.38
  • WGR614v9 - 1.2.32
  • WGT624v4 - 2.0.13
  • WNDR3300v1 - 1.0.45
  • WNDR3300v2 - 1.0.0.26
  • WNDR3400v1 - 1.0.0.52
  • WNDR3400v2 - 1.0.0.54
  • WNDR3700v3 - 1.0.0.42
  • WNDR4000 - 1.0.2.10
  • WNDR4500 - 1.0.1.46
  • WNDR4500v2 - 1.0.0.72
  • WNR834Bv2 - 2.1.13
  • WNR1000v3 - 1.0.2.78
  • WNR2000v2 - 1.2.0.12
  • WNR3500 - 1.0.36NA
  • WNR3500v2 - 1.2.2.28NA
  • WNR3500L - 1.2.2.48NA
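
The version comparison described above, as an added example that is not part of the original article: a Python script that checks an installed firmware version against a few entries copied from the two lists on this page, comparing each dotted field as a number so that 1.0.4.98 sorts before 1.0.4.100. The function names, the status strings and the decision to ignore suffixes such as _HOTFIX, NA and BM when ordering are assumptions of this example.

```python
import re

# Subset of the two lists on this page (model -> version).
FIXED_IN = {        # Netgear's list: version that carries the fix
    "R7000": "1.0.11.128",
    "R6900P": "1.3.3.142_HOTFIX",
    "RAX40v2": "1.0.4.100",
    "RAXE500": "1.0.8.70",
}
VULNERABLE_AT = {   # Grimm's list: version confirmed vulnerable
    "R6700": "1.0.2.16",
    "WNDR4000": "1.0.2.10",
    "WNR3500": "1.0.36NA",
    "MVBR1210C": "1.2.0.35BM",
}

def parse_version(text):
    """'1.3.3.142_HOTFIX' -> (1, 3, 3, 142); '1.0.36NA' -> (1, 0, 36).

    Assumption of this example: anything after '_' and any letters
    trailing a field (NA, BM) do not affect ordering."""
    core = text.strip().lstrip("Vv").split("_")[0]
    fields = []
    for part in core.split("."):
        m = re.match(r"\d+", part)
        if m is None:
            raise ValueError(f"bad version field {part!r} in {text!r}")
        fields.append(int(m.group()))
    return tuple(fields)

def newer_or_equal(a, b):
    """Compare field by field as integers, padding the shorter with zeros."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))

def assess(model, installed):
    have = parse_version(installed)
    if model in FIXED_IN:
        fixed = parse_version(FIXED_IN[model])
        if newer_or_equal(have, fixed):
            return "patched"
        return "update to " + FIXED_IN[model]
    if model in VULNERABLE_AT:
        bad = parse_version(VULNERABLE_AT[model])
        if newer_or_equal(bad, have):   # installed <= known-vulnerable
            return "vulnerable, no fix listed"
        return "newer than known-vulnerable, check release notes"
    return "model not on either list"

if __name__ == "__main__":
    for model, ver in [("RAX40v2", "1.0.4.98"), ("WNR3500", "1.0.36NA")]:
        print(model, ver, "->", assess(model, ver))
```
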

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/netgear-router-patches-nov21

Posted by: ginyardoled1954.blogspot.com
