[ad_1]
Netgear R6700v3Source: Netgear
Researchers have discovered half a dozen high-risk vulnerabilities within the newest firmware model for the Netgear Nighthawk R6700v3 router. At publishing time the issues stay unpatched.
Nighthawk R6700 is a well-liked dual-bank WiFi router marketed with gaming-focused options, sensible parental controls, and inner {hardware} that’s sufficiently highly effective to accommodate the wants of residence energy customers.
The six flaws had been found by researchers at cybersecurity firm Tenable and will permit an attacker on the community to take full management of the machine:
CVE-2021-20173: A post-authentication command injection flaw within the replace performance of the machine, making it inclined to command injection.
CVE-2021-20174: HTTP is utilized by default on all communications of the machine’s internet interface, risking username and password interception in cleartext type.
CVE-2021-20175: SOAP Interface (port 5000) makes use of HTTP to speak by default, risking username and password interception in cleartext type.
CVE-2021-23147: Command execution as root with out authentication through a UART port connection. Exploiting this flaw requires bodily entry to the machine.
CVE-2021-45732: Configuration manipulation through hardcoded encryption routines, permitting the altering of settings which might be locked for causes of safety.
CVE-2021-45077: All usernames and passwords for the machine’s providers are saved in plaintext type within the configuration file.
On prime of the aforementioned safety points, Tenable discovered a number of situations of jQuery libraries counting on model 1.4.2, which is understood to include vulnerabilities. The researechers additionally word that the machine makes use of a MiniDLNA is server model with publicly recognized flaws.
POST request forcing an replace test to take advantage of CVE-2021-20173Source: Tenable
The lately disclosed flaws have an effect on firmware model 1.0.4.120, which is the most recent launch for the machine.
Customers are suggested to vary the default credentials to one thing distinctive and powerful and observe advisable safety practices for extra strong protection towards malware infections.
Additionally, test Netgear’s firmware obtain portal repeatedly and set up new variations as quickly as they turn into accessible. Turning on computerized updates in your router can be advisable.
The present safety report refers to Netgear R6700 v3, which remains to be underneath help, not Netgear R6700 v1 and R6700 v2, which have reached finish of life. In case you are nonetheless utilizing the older fashions, it is suggested to interchange them.
Tenable disclosed the above points to the seller on September 30, 2021, and regardless that some data trade within the type of clarifications and options occurred afterward, the issues stay unaddressed.
We have now reached out to Netgear asking for a touch upon the above, and we are going to add an replace to this story as quickly as we hear again from them.
[ad_2]