Got a Netgear router? I do, and like yours, mine probably needs to be patched right away.
That's because the enterprising folks at D.C.-area security firm Grimm have found yet another very serious Netgear flaw, as detailed in a report Nov. 16. This comes (relatively) hot on the heels of the previous bunch of Netgear security updates back in September of this year.
This time around, Netgear lists more than 40 different models of routers, range extenders and a couple of other devices, from models nearly a decade old to brand-new models on our list of the best Wi-Fi routers, that need firmware updates to protect them from total hacker takeover.
Unfortunately, nearly 40 other Netgear models may not get any updates, as many of them are already too old to get any further support.
We've got a list of all the affected models at the end of this story. Altogether, we're looking at about 80 different models of Wi-Fi routers, Wi-Fi range extenders, DSL gateways and other devices. The number of affected individual units has to be at least several hundred thousand, and may be in the low millions.
How to update your Netgear router's firmware
The newer your Netgear router is, the easier it is to update the firmware. Netgear's Orbi mesh routers generally update themselves, and they also have a companion smartphone app that you can use to check for and to install updates.
Netgear's Nighthawk routers also have a companion app, although using it is optional for at least some models, as is the automatic-update setting. With some Nighthawks, it's generally best to go into the administrative interface (try "http://192.168.1.1/admin" or "routerlogin.net" while connected to your home network) and check the "Advanced" section for firmware updates. From there, you should be able to launch the update sequence.
If the above methods don't work with your Netgear router, then you need to go to Netgear support at https://www.netgear.com/support/ and type the model number of your router into the search field at the top of the page. (We've got more instructions here on how to update your router's firmware.)
However, the model number may not be obvious. Some routers come with their branding and specifications proudly listed on the box, such as "Nighthawk AXE11000 Tri-Band WiFi 6E." But that's not the model name, which is actually "RAXE500." (That's the router in the photo at the top of this story, and it does need to be patched.)
Look for a sticker on the router itself displaying the model number — it may be on the side or on the bottom. To further complicate things, Netgear sometimes changes the inner circuits of a router while leaving the exterior the same during the production lifespan, so you may see a "v2" or "v3" appended to the model number.
Once you have the model number, the search function on the Netgear support site should take you to that model's support page. Scroll down the page to find "Firmware and Software Downloads" and click it.
You'll then see a button that will let you download the firmware update to your PC or Mac. Do that, but don't forget to click the Release Notes link just below it. That page in turn links to a downloadable version of your router's user manual, which will show you how to install the firmware update. The firmware update itself may come with its own instructions.
So what is this Netgear flaw that's being fixed?
The fatal flaw in all of these models involves a stack-overflow vulnerability in the Universal Plug and Play component of the router firmware. The flaw is catalogued as CVE-2021-34991 and is listed as applying to only one specific router with a specific firmware version, which got an update on Sept. 16. But the problem is much more widespread than that.
Universal Plug and Play, or UPnP for short, is a protocol that lets new devices, such as gaming consoles or printers, connect to routers without a lot of fuss. It turns out that a character limit in one function of the UPnP code on these Netgear routers permits an attacker on the local network — i.e., already linked to your router as a regular user — to send a malicious command to the router that overrides the router's internal safeguards and gives the attacker total control of the router without any kind of authorization.
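To make the bug class concrete, here is an added C example that is not Netgear's firmware and not from the Grimm report: a hypothetical UPnP SOAP request parser that copies the SOAPACTION header into a fixed-size stack buffer. The header name, the buffer size (ACTION_MAX) and the sample requests are constructed for the illustration. The "before" version never checks the value's length, so an over-long header spills past the buffer on the stack; the "after" version refuses anything that does not fit; and request_is_suspicious is the same length check phrased as a detection rule a LAN-side firewall or IDS could apply.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical UPnP SOAP request parser (added illustration, not Netgear's
 * firmware). It shows the bug class in the article: a request field copied
 * into a fixed-size stack buffer without checking its length. The header
 * name, ACTION_MAX and the sample requests below are constructed. */

#define ACTION_MAX 128   /* assumed size of the on-stack header buffer */

/* Locate the value of the SOAPACTION header in an HTTP-style request.
 * Returns a pointer to the value and stores its length in *len, or NULL
 * if the header is absent. (A real parser would match case-insensitively.) */
static const char *find_soapaction(const char *req, size_t *len)
{
    const char *p = strstr(req, "SOAPACTION:");
    if (p == NULL)
        return NULL;
    p += strlen("SOAPACTION:");
    while (*p == ' ' || *p == '\t')
        p++;
    const char *end = strpbrk(p, "\r\n");
    *len = end ? (size_t)(end - p) : strlen(p);
    return p;
}

/* BEFORE: the value goes into a 128-byte stack buffer with no bound check.
 * A header longer than ACTION_MAX - 1 bytes overwrites whatever sits above
 * the buffer on the stack, which is the "stack overflow" in the article. */
int parse_action_unsafe(const char *req, char out[ACTION_MAX])
{
    size_t len;
    const char *v = find_soapaction(req, &len);
    if (v == NULL)
        return -1;
    char action[ACTION_MAX];
    memcpy(action, v, len);   /* BUG: len is never compared with sizeof action */
    action[len] = '\0';
    memcpy(out, action, len + 1);
    return 0;
}

/* AFTER: refuse any value that does not fit, then copy with an explicit bound.
 * Returns 0 on success, -1 if the header is missing, -2 if it is too long. */
int parse_action_safe(const char *req, char out[ACTION_MAX])
{
    size_t len;
    const char *v = find_soapaction(req, &len);
    if (v == NULL)
        return -1;
    if (len >= ACTION_MAX)
        return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Detection view of the same check: a request whose SOAPACTION value
 * exceeds the buffer the device is known to use is worth logging. */
bool request_is_suspicious(const char *req)
{
    size_t len;
    const char *v = find_soapaction(req, &len);
    return v != NULL && len >= ACTION_MAX;
}

/* Build a constructed UPnP control request around a given action string. */
int build_request(const char *action, char *buf, size_t buflen)
{
    int n = snprintf(buf, buflen,
                     "POST /upnp/control/WANIPConn1 HTTP/1.1\r\n"
                     "HOST: 192.168.1.1:5000\r\n"   /* constructed LAN address */
                     "CONTENT-TYPE: text/xml; charset=\"utf-8\"\r\n"
                     "SOAPACTION: \"%s\"\r\n"
                     "\r\n",
                     action);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
    char req[1024], val[ACTION_MAX];

    /* A normal control request: both parsers accept it. */
    build_request("urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress",
                  req, sizeof req);
    printf("benign:    safe=%d unsafe=%d suspicious=%d\n",
           parse_action_safe(req, val), parse_action_unsafe(req, val),
           (int)request_is_suspicious(req));

    /* An over-long header: the safe parser rejects it. The unsafe parser is
     * deliberately not called on this input because it would corrupt the stack. */
    char longaction[300];
    memset(longaction, 'A', sizeof longaction - 1);
    longaction[sizeof longaction - 1] = '\0';
    build_request(longaction, req, sizeof req);
    printf("oversized: safe=%d suspicious=%d\n",
           parse_action_safe(req, val), (int)request_is_suspicious(req));
    return 0;
}
```

The fix is a single comparison before the copy, which is why a vendor can ship it as a small "hot fix"; the harder part for the device owner is that the check has to be present in the firmware image actually running on the router, which is what the update procedure above is about.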
Once that's done, the attacker can pretty much see anything you do online, and can also send you to malicious websites or break into more devices on your network.
You may think that it's enough to just keep intruders out of your network to prevent such an attack, but it's not that hard to crack a Wi-Fi network access password or to sneak malicious software onto a poorly secured device, such as an out-of-date computer or a smart-home device.
Suffice it to say that you want to install the Netgear firmware update on your router tout de suite — if you can.
Netgear routers with firmware patches available
Here's a list, copied from the Netgear website, of the models that have firmware updates or "hot fixes" available to fix this flaw, along with the most recent firmware version that they should be updated to.
- R6400 fixed in firmware version 184.108.40.206
- R6400v2 fixed in firmware version 220.127.116.11
- R6700v3 fixed in firmware version 18.104.22.168
- R6900P fixed in firmware version 22.214.171.124_HOTFIX
- R7000 fixed in firmware version 126.96.36.199
- R7000P fixed in firmware version 188.8.131.52_HOTFIX
- R7100LG fixed in firmware version 184.108.40.206
- R7850 fixed in firmware version 220.127.116.11
- R7900P fixed in firmware version 18.104.22.168
- R7960P fixed in firmware version 22.214.171.124
- R8000 fixed in firmware version 126.96.36.199
- R8000P fixed in firmware version 188.8.131.52
- R8300 fixed in firmware version 184.108.40.206
- R8500 fixed in firmware version 220.127.116.11
- RAX15 fixed in firmware version 18.104.22.168
- RAX20 fixed in firmware version 22.214.171.124
- RAX200 fixed in firmware version 126.96.36.199
- RAX35v2 fixed in firmware version 188.8.131.52
- RAX38v2 fixed in firmware version 184.108.40.206
- RAX40v2 fixed in firmware version 220.127.116.11
- RAX42 fixed in firmware version 18.104.22.168
- RAX43 fixed in firmware version 22.214.171.124
- RAX45 fixed in firmware version 126.96.36.199
- RAX48 fixed in firmware version 188.8.131.52
- RAX50 fixed in firmware version 184.108.40.206
- RAX50S fixed in firmware version 220.127.116.11
- RAX75 fixed in firmware version 18.104.22.168
- RAX80 fixed in firmware version 22.214.171.124
- RAXE450 fixed in firmware version 126.96.36.199
- RAXE500 fixed in firmware version 188.8.131.52
- RS400 fixed in firmware version 184.108.40.206
- WNDR3400v3 fixed in firmware version 220.127.116.11
- WNR3500Lv2 fixed in firmware version 18.104.22.168
- XR300 fixed in firmware version 22.214.171.124
DSL Modem Routers:
- D6220 fixed in firmware version 126.96.36.199
- D6400 fixed in firmware version 188.8.131.52
- D7000v2 fixed in firmware version 184.108.40.206
- DGN2200v4 fixed in firmware version 220.127.116.11
- EX3700 fixed in firmware version 18.104.22.168
- EX3800 fixed in firmware version 22.214.171.124
- EX6120 fixed in firmware version 126.96.36.199
- EX6130 fixed in firmware version 188.8.131.52
- DC112A fixed in firmware version 184.108.40.206
- CAX80 fixed in firmware version 220.127.116.11
Netgear models that may or may not get a firmware update
Here's a list of Netgear models that the Grimm team determined were vulnerable to these attacks, but which Netgear hasn't specifically listed as getting patches for this flaw. The firmware version numbers listed below ARE vulnerable, according to Grimm.
Unfortunately, there are models on Netgear's list of patches that aren't on Grimm's list of vulnerable devices. And there are models on Grimm's list that aren't on Netgear's list, yet have received security patches in the last few months that pushed the firmware versions beyond the vulnerable ones listed below, so they may actually have available patches for this flaw.
To complicate things further, there are six models that Grimm says are not vulnerable because past firmware updates "broke" UPnP for them. Four of those — D6220, D6400, R6400 and R7000 — are on Netgear's list of patched models. Two others, D8500 and R6300v2, are not, and the only available firmware updates for them are the vulnerable ones listed below.
The best thing to do, if you have one of the models listed below, is to follow the procedures above about checking to see if a firmware update is available for your model on the Netgear support site.
If the available firmware update has a version number later than what's below, then you may be getting a patch for the above flaw, especially if the release note for the flaw has a date in the past few months. Go ahead and install the update.
But if the version number of the available firmware update matches the firmware number below, and the release-note date is more than a few months old, then it might be time to get a new router.
- AC1450 - 18.104.22.168
- D6300 - 22.214.171.124
- D8500 - 126.96.36.199
- DGN2200M - 188.8.131.52
- DGND3700v1 - 184.108.40.206
- EX3920 - 220.127.116.11
- EX6000 - 18.104.22.168
- EX6100 - 22.214.171.124
- EX6150 - 126.96.36.199
- EX6920 - 188.8.131.52
- EX7000 - 184.108.40.206
- MVBR1210C - 220.127.116.11BM
- R4500 - 18.104.22.168
- R6200 - 22.214.171.124
- R6200v2 - 126.96.36.199
- R6250 - 188.8.131.52
- R6300 - 184.108.40.206
- R6300v2 - 220.127.116.11
- R6700 - 18.104.22.168
- R6900 - 22.214.171.124
- R7300DST - 126.96.36.199
- R7900 - 188.8.131.52
- WGR614v9 - 1.2.32
- WGT624v4 - 2.0.13
- WNDR3300v1 - 1.0.45
- WNDR3300v2 - 184.108.40.206
- WNDR3400v1 - 220.127.116.11
- WNDR3400v2 - 18.104.22.168
- WNDR3700v3 - 22.214.171.124
- WNDR4000 - 126.96.36.199
- WNDR4500 - 188.8.131.52
- WNDR4500v2 - 184.108.40.206
- WNR834Bv2 - 2.1.13
- WNR1000v3 - 220.127.116.11
- WNR2000v2 - 18.104.22.168
- WNR3500 - 1.0.36NA
- WNR3500v2 - 22.214.171.124NA
- WNR3500L - 126.96.36.199NA