Netgear Releases Router Firmware Update Addressing Security Issues

Early last week Netgear issued a firmware update for some of its consumer broadband routers. This update resolves two critical vulnerabilities: one command injection vulnerability and one authentication bypass vulnerability.

Affected Routers (authentication bypass vulnerability):

  • JNR1010v2
  • JNR3000
  • N300
  • R3250
  • WNR614
  • WNR618
  • JWNR2000v5
  • WNR2020
  • JWNR2010v5
  • WNR1000v4
  • WNR2020v2

Affected Routers (command injection vulnerability):

  • JWNR2010v5
  • JWNR2000v5

Why Should These Issues Be Considered Important?
By default, the administrative interface of the affected routers can be accessed by any user on the same internal network as the router. If WAN administration is enabled (a setting that allows anyone outside of your network to access your router), the above-mentioned authentication bypass vulnerability is even more serious, since a remote attacker could access your router’s admin interface without needing a username or password.

The command injection vulnerability could allow an attacker to issue a command of their choice to your router, e.g. performing a file listing.

How Can I Protect Myself From These Issues?
If you own any of the affected routers listed above, please apply the update if it is already available for your router. If not, check whether updated firmware that corrects this issue is available for your router. If no corrected version is available, it would be advisable to contact Netgear to determine whether an update is planned. They may also be able to supply steps to mitigate the issue if no update is planned.

Netgear has issued updated firmware for some of the affected routers:

  • JNR1010v2
  • WNR614
  • WNR618
  • JWNR2000v5
  • WNR2020
  • JWNR2010v5
  • WNR1000v4
  • WNR2020v2

Please follow the instructions in the Netgear knowledge base article linked above to install the updated firmware.

Thank you.
