The VulnerabilitiesThe primary vulnerability identified in these reports relates to a "feature" of NetGear routers called variously "Web Services Management" or "Remote Management." The problem, as is so often the case with home Wi-Fi routers, lies in the web server built into the router's firmware. The web server runs the web-based administrative interface on which router owners authenticate themselves with their administrative passwords. Initially, it was thought that locking down the administrative privileges of these routers would make them secure. But then Lawrence Abrams at Bleeping Computer pointed out that a DNS rebinding attack could leave them vulnerable. By inputting a specific text string on two different models, researchers found that they could put the routers into update mode, bypassing the login process for the Netgear administrative interface. This completely circumvents the authentication normally required for these routers.
The RiskThe vulnerability has been proven to work on at least two routers, but it's feared that it could affect dozens of models. The NetGear R6700 and R7000 routers are definitely vulnerable, and they have been since they were first released in 2013. Both of these routers were also among 50-odd routers for which Netgear pushed out a major set of security updates in early 2020. That set of updates addressed a different set of flaws. Just how many Netgear routers are vulnerable remains a little unclear. GRIMM has suggested that up to 79 routers might be affected by the flaw. A much longer list of all 758 firmware versions were also found to be vulnerable, at least in theory. This represents almost all of the consumer-level routers that Netgear has released since 2007, barring a few high-end gaming routers.
Protect YourselfFor now, the best fix for these vulnerabilities is to follow the guidance and patches that Netgear has released. These include "hot fixes" for the R6400v2 and the R6700v3, both of which should be updated to firmware version 188.8.131.52. It's important to recognize that these are not permanent patches but temporary workarounds that still leave open the chance of users falling victim to identity fraud at some point. Netgear explicitly acknowledges this on their support page: While the hotfixes do fix the security vulnerabilities identified above, they could negatively affect the regular operation of your device. Though our pre-deployment testing process did not indicate that these hotfixes would impact device operability, we always encourage our users to monitor their device closely after installing the firmware hotfix. For this reason, it might be time for your organization to get a new router. If it’s you (or your organization) continue to use the affected routers, you must lock down access to them. A quick – if inelegant – fix is to limit remote access to these routers to a whitelist of trusted external IP addresses. However, be warned that this might cause difficulties if you are trying to manage remote routers via a dynamic IP address. It will still allow users on your internal network to exploit the vulnerability.
The FutureIt's also easy to predict what the future will hold for WiFi routers: vulnerabilities will continue to be discovered. Some of these will take advantage of the new, untested features that ship with the newest router models. Others, like those we've covered in this article, will have a decidedly vintage feel. For users and administrators, the major lesson of these recent flaws is clear enough – your WiFi router is your first line of defense against hacks, and they should be treated as such.