It's time to update your Netgear Wi-Fi router once again. The home-networking-device maker has pushed out security updates for 35 different models of routers, Wi-Fi range extenders and combination modem-routers to fix three flaws discovered by British security firm Immersive Labs.
Two of the Netgear router flaws let an attacker, who already has access to the router's administration interface, hack it to change configuration settings. Those new settings could then be used to create backdoors that would give hackers permanent remote access to the router's controls.
Once a hacker has control of your router, they can see and control where you go on the internet and can often see what you're receiving and sending.
To be fair, just getting access to the administration interface in the first place pretty much means game over already, but this is a serious flaw that needs to be fixed nonetheless.
Another Netgear router flaw lets someone on the local network get the router's serial number by querying a specific "port," or network interface.
Normally, this wouldn't be so bad, but as Immersive Labs researcher Kev Breen explained in a company blog post yesterday (Dec. 2), "this serial number is used as part of the [administrative] password reset function on most Netgear devices."
"This mechanism is supposed to ensure only those with physical access to the device can reset the password," Breen added, because normally the serial number is visible only on a sticker on the physical device. "Armed with this information, it is now possible for any user on the network to brute-force the password-reset questions."
This less-serious attack requires local network access, but that's not as hard to get as it seems for an attacker. Many home-network Wi-Fi access passwords can be guessed or brute-forced. If malware sneaks onto a computer, smartphone, gaming console or smart device in the home by other means, then it will have local network access too.
How to update your Netgear Wi-Fi router's firmware
Updating Netgear routers to the latest firmware depends on the model. Many newer Netgear routers have automatic updates enabled by default, and you'll just need to make sure the feature is turned on.
With some others, you have to go to the administrative interface and manually check for updates, which the router can then download and install itself. Many of the models affected by these flaws also support the Netgear Nighthawk mobile app, which lets you check for and install router firmware right from your smartphone.
Older models may require a more complicated router-update procedure that involves going to the Netgear support website, entering the router's model number (it's printed on a sticker on the device itself), going to that model's support page, checking for firmware updates, downloading the update file to a Mac or PC, and then uploading the file to the router through the administrative interface.
If you need to go to the Netgear router administrative panel, you can usually reach it at http://18.104.22.168 in a web browser if you're on the router's local network. Some Netgear routers also let you use http://routerlogin.com or http://routerlogin.net.
In general, the username for the Netgear router administrative interface is "admin." You can change that if you like, but it's much more important to make sure that the password for the administrative interface has been changed from the default password.
Default passwords for most home Wi-Fi routers, whether made by Netgear or not, can easily be found online. Leaving yours as is just makes you a sitting duck for hackers.
While you're in your router's administrative settings, you'll want to go to the "Advanced" part of the interface, then look for "Advanced Setup." Click on UPnP and make sure it's disabled.
Then click on "Web Services Management" or "Remote Management" and disable that as well. Doing so will remove two common channels of attack that hackers often use to attack routers.
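One way to confirm from a laptop on the same Wi-Fi network that the UPnP change actually took effect is to send a standard SSDP discovery request and see whether anything on the network answers. The script below is an added example for this article, not Netgear's own tooling or code from Immersive Labs; it assumes the router implements ordinary UPnP/SSDP discovery (multicast 239.255.255.250, UDP port 1900), and the sample response embedded in it is constructed for illustration, using a documentation address and an all-zero UUID.

```python
import socket
from typing import Dict, List, Optional

# Standard SSDP multicast group and port used by UPnP device discovery.
SSDP_ADDR = "239.255.255.250"
SSDP_PORT = 1900


def build_msearch(search_target: str = "upnp:rootdevice", mx: int = 2) -> bytes:
    """Build an SSDP M-SEARCH request. Any device with UPnP enabled that hears
    it, including a home router, is expected to reply with a 200 OK."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_ADDR}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(raw: bytes) -> Optional[Dict[str, str]]:
    """Parse an HTTP-style SSDP reply into a dict of lower-cased header names.
    Returns None unless the status line is a 200 OK."""
    text = raw.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if not lines or " 200 " not in lines[0]:
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return headers


def is_gateway_like(headers: Dict[str, str]) -> bool:
    """Heuristic: a router's reply usually names an InternetGatewayDevice
    or a gateway UPnP daemon in its ST, USN or SERVER headers."""
    blob = " ".join(headers.get(k, "") for k in ("st", "usn", "server")).lower()
    return "internetgatewaydevice" in blob or "upnpd" in blob


def discover_upnp(timeout: float = 3.0) -> List[Dict[str, str]]:
    """Multicast one M-SEARCH and collect every 200 OK reply until the
    timeout. An empty list means nothing on the LAN is advertising UPnP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found: List[Dict[str, str]] = []
    try:
        sock.sendto(build_msearch(), (SSDP_ADDR, SSDP_PORT))
        while True:
            data, (addr, _port) = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if headers is not None:
                headers["_from"] = addr  # responder's IP, for the report
                found.append(headers)
    except socket.timeout:
        pass  # no more replies within the window
    finally:
        sock.close()
    return found


# Constructed sample reply, shaped like what a router with UPnP still on
# would send back (192.0.2.1 is a documentation address, not a real router).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.0.2.1:5000/rootDesc.xml\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.1 MiniUPnPd/2.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    responders = discover_upnp()
    if not responders:
        print("No UPnP responders heard: UPnP appears to be disabled.")
    for h in responders:
        flag = "router/gateway" if is_gateway_like(h) else "other device"
        print(f"{h['_from']}: {flag}  ST={h.get('st', '?')}  "
              f"SERVER={h.get('server', '?')}")
```

Run it after saving the UPnP setting; if the router still shows up as a gateway-like responder, the change did not take or the setting lives elsewhere on that model. Other devices on the network (media players, printers) may legitimately answer too, which is why the report labels responders rather than treating any reply as a failure.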
Netgear Wi-Fi routers that need to be updated
Following are two lists of Netgear devices, listed by model number, that need to be updated. The firmware version number listed is the version that fixes these flaws. You can see the version number of the firmware that your own router is running in the top right corner of the administrative interface.
Eighteen Netgear Wi-Fi routers, range extenders and combination modem-routers are vulnerable to the first two flaws above, which let an attacker change a router's configuration settings. (Both versions of the RAX120 may also be vulnerable to other Wi-Fi router flaws disclosed by different researchers this week.)
DSL Modem Routers
- D7800 fixed in firmware version 22.214.171.124
Wi-Fi Range Extenders
- EX2700 fixed in firmware version 126.96.36.199
- WN3000RPv2 fixed in firmware version 188.8.131.52
- WN3000RPv3 fixed in firmware version 184.108.40.206
LTE Modem Routers
- LBR1020 (an Orbi wireless broadband gateway) fixed in firmware version 220.127.116.11
Orbi Wi-Fi Systems
- LBR20 fixed in firmware version 18.104.22.168
- R6700AX fixed in firmware version 22.214.171.124
- R7800 fixed in firmware version 126.96.36.199
- R8900 fixed in firmware version 188.8.131.52
- R9000 fixed in firmware version 184.108.40.206
- RAX10 fixed in firmware version 220.127.116.11
- RAX120v1 fixed in firmware version 18.104.22.168
- RAX120v2 fixed in firmware version 22.214.171.124
- RAX70 fixed in firmware version 126.96.36.199
- RAX78 fixed in firmware version 188.8.131.52
- XR450 fixed in firmware version 184.108.40.206
- XR500 fixed in firmware version 220.127.116.11
- XR700 fixed in firmware version 18.104.22.168
Seventeen Netgear Wi-Fi router models are vulnerable to the third flaw, which makes the device serial number visible.
- AC2100 fixed in firmware version 22.214.171.124
- AC2400 fixed in firmware version 126.96.36.199
- AC2600 fixed in firmware version 188.8.131.52
- D7000 fixed in firmware version 184.108.40.206
- R6220 fixed in firmware version 220.127.116.11
- R6230 fixed in firmware version 18.104.22.168
- R6260 fixed in firmware version 22.214.171.124
- R6330 fixed in firmware version 126.96.36.199
- R6350 fixed in firmware version 188.8.131.52
- R6700v2 fixed in firmware version 184.108.40.206
- R6800 fixed in firmware version 220.127.116.11
- R6850 fixed in firmware version 18.104.22.168
- R6900v2 fixed in firmware version 22.214.171.124
- R7200 fixed in firmware version 126.96.36.199
- R7350 fixed in firmware version 188.8.131.52
- R7400 fixed in firmware version 184.108.40.206
- R7450 fixed in firmware version 220.127.116.11