A critical security flaw could allow malicious hackers to attack and take over millions of home Wi-Fi routers via the Internet, researchers revealed today (January 11)
So far, only Netgear has released a patch for the affected models, but routers made by Edimax, D-Link, Tenda, TP-Link, and Western Digital are also believed to be vulnerable
"The vulnerability affects millions of devices worldwide and in some cases could be completely remotely accessible," wrote Sentinel Labs researcher Max van Amerongen in a company blog post
Successful router hijacking gives hackers control over all aspects of a victim's Internet traffic, allowing them to launch further attacks, such as sending users to phishing sites or infecting other devices on the network
This flaw is a major concern
No exploits for this flaw are known yet, but Van Amerongen added that "despite the considerable complexity involved in its development, it could be made public in the future"
If you have one of the three Netgear models (D7800, R6400v2, or R6700v3) that are known to be vulnerable, here are the instructions for updating
Meanwhile, D-Link has posted a brief note on its website, stating that the company is "currently investigating this reported security issue" and will "provide further updates as more information becomes available"
A D-Link spokesperson said that after a similar vulnerability discovered in 2015, the company has not used the affected software on newer models for several years
For other router brands, we have sent requests for information and will update this article as soon as we receive a response
In the meantime, we encourage users of these other brands to bother the manufacturer's technical support team with email messages asking for information on which models may be affected and whether and when the router manufacturer plans to fix the defect [The problem exists in NetUSB, a Linux kernel module developed by Taiwanese company KCodes that allows devices such as printers and network-enabled storage drives to access the local network through the router's USB port
Van Amerongen of Sentinel Labs noticed that NetUSB listens for Internet commands as well as local network commands on port 20005
He discovered that by sending NetUSB-specific commands on that port number, it is possible to control the router's Linux kernel and cause a memory buffer overflow Needless to say, this is a bad idea; Van Amerongen admits that for technical reasons this is a bit difficult to do properly, but is still possible for a skilled attacker
"These limitations make it difficult, but I believe not impossible, to write an exploit for this vulnerability, so those with Wi-Fi routers may need to look for updates to their router firmware," he wrote
Sentinel Labs notified KCodes of the flaw on September 9, 2021, and a NetUSB patch fixing the flaw was issued to vendors on October 4 The Netgear patch was released on December 20
The three affected Netgear models are the D7800, known as the AC2600 WiFi VDSL/ADSL modem router, the R6400v2, known as the AC1750 Smart WiFi router 80211ac dual-band gigabit, and R6700v3, known as the Nighthawk AC1750 smart WiFi dual-band gigabit router
Netgear has a practice of selling routers according to technical specifications rather than actual model numbers, resulting in customers having to check for stickers on the router indicating the model number
All three affected models look like the router pictured above, but the D7800 has four antennas while the other two have three early versions of the R6400 and R6700 look the same but have different internals and are affected by this defect not or are at the end of their life span (and thus need to be replaced)
Fortunately, the main firmware update procedure is the same for all three models and is not difficult (The R6400v2 and R6700v3 also support the Netgear Nighthawk smartphone app for iOS and Android, so if your smartphone has it installed, simply use the app)
Log in to the administrator interface using the administrator credentials The username is probably "admin" unless you change it, plus the admin password you chose when you set up the router
If you have not changed that admin password, it is probably just "password" and you should absolutely change it to something stronger as soon as you are done with this task
Once you have logged into the administration interface, click on the "Advanced" tab, then "Administration," and finally "Router Update" A new page will load, click "Check" If an update is available, click "Yes" to the prompt asking if you want to download and install the update
The router will download the update and restart Once it has completed, you will need to log back into the management interface and follow the same path to the router update page
Verify that the latest firmware update is installed; for the D7800, firmware version 10168 is required; for both the R6400v2 and R6700v3, firmware version 104122
What if I completely forget my administrator password and cannot log into the interface? In that case, you will need to factory reset the router by pressing the reset button on the back
Unfortunately, you will have to go through the whole setup process again, but it is still better than having a vulnerable router
Comments