Netgear Nighthawk R6700 Routers Have Unpatched Vulnerabilities… And No Patches Are Available

It’s only the first day of the new year and already I am reporting on a serious set of vulnerabilities in the Netgear Nighthawk R6700 router, which is a very popular choice for home users who want a bit more power behind their WiFi. Cybersecurity company Tenable found several instances of jQuery libraries relying on version 1.4.2, which is known to contain lots of vulnerabilities. On top of that, the device uses a MiniDLNA server version which is known to contain lots of vulnerabilities.

On top of that, here’s a list of issues with this router:

  • CVE-2021-20173: A post-authentication command injection flaw in the update functionality of the device.
  • CVE-2021-20174: HTTP is used by default on all communications of the device’s web interface, risking username and password interception in cleartext form.
  • CVE-2021-20175: SOAP Interface (port 5000) uses HTTP to communicate by default, risking username and password interception in cleartext form.
  • CVE-2021-23147: Command execution as root without authentication via a UART port connection. Exploiting this flaw requires physical access to the device.
  • CVE-2021-45732: Configuration manipulation via hardcoded encryption routines, allowing the changing of settings that are locked for reasons of security.
  • CVE-2021-45077: All usernames and passwords for the device’s services are stored in plaintext form in the configuration file.

These flaws could allow an attacker on the network to take complete control of the device. Which of course is bad. And these were found in firmware version 1.0.4.120, which is the latest release for the router. To make matters more confusing, there are three versions of this router:

  • Netgear R6700 v3, which is still under support.
  • Netgear R6700 v1 and R6700 v2, which have reached end of life. 

If you have the v1 or v2 versions of this router, you should pull them from service immediately and replace them with something else from another vendor. If you have v3 of this router, you are advised to change the default credentials to something unique and strong. Or you can just pull the router from service and use something else from another vendor. I say that because Netgear hasn’t addressed any of this since they were contacted on September 30th of last year. Which reflects poorly on Netgear, but isn’t surprising as they have a history of this sort of behaviour.
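If you keep a v3 in service, you can confirm the cleartext exposure behind CVE-2021-20174 and CVE-2021-20175 on your own network. The following is an added example, not code from Tenable or Netgear; the router address `192.168.1.1` and web interface port 80 (the standard HTTP port) are assumptions, while port 5000 is the SOAP port named in the list above.

```python
import socket


def speaks_cleartext_http(host, port, timeout=3.0):
    """Return True if host:port answers a plain (non-TLS) HTTP request.

    True means anything sent to that port, including the admin username
    and password, crosses the network unencrypted. False covers a closed
    port, a timeout, or a reply that is not an HTTP status line (for
    example a TLS alert from a port that requires HTTPS).
    """
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            # Read until the start of the status line is available.
            while len(reply) < 5:
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
    except OSError:  # refused, unreachable, reset or timed out
        return False
    return reply.startswith(b"HTTP/")


def audit_router(host, ports):
    """Map each port to True when it serves cleartext HTTP."""
    return {port: speaks_cleartext_http(host, port) for port in ports}


if __name__ == "__main__":
    ROUTER = "192.168.1.1"   # assumption: replace with your router's LAN address
    PORTS = (80, 5000)       # 80: assumed web UI port; 5000: SOAP interface
    for port, exposed in audit_router(ROUTER, PORTS).items():
        state = "cleartext HTTP, credentials can be sniffed" if exposed \
            else "no cleartext HTTP answer"
        print(f"{ROUTER}:{port} -> {state}")
```

A `True` result on either port means logins to that service should only be made from a wired, trusted segment until the router is replaced.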
