Ignorant youngsters. Nearly a dozen popular types of Netgear routers are vulnerable due to a severe security hole in the form of an optional parental-control function that evidently wasn’t so optional.
Most of the Nighthawk routers, including the R6400v2, R6700v3, R6900, R6700, R6900P, R7000, R7900, R8000, R7000P, R7850, and RS400, are impacted. All of them may now get the latest firmware upgrades. The vulnerability may be leveraged by an attacker to take control of your home or small-office network and send you to who-knows-where on the internet if they get access to it.
You may want to verify the bottom sticker for the correct model name since Netgear often uses somewhat deceptive phrasing when marketing their home routers.
How to Perform Netgear Router Firmware Update?
According to Netgear’s security advisory, updating your Netgear router’s firmware may be done by visiting netgear.com/support. A new window/tab will appear and entering your model number is required then.
Follow that link to see the user manual for your specific model. It is possible to download a compressed file and then open it on your computer. Then, go to your Netgear router’s admin page (by accessing http://192.168.1.1) using your preferred web browser, choose the Advanced tab, then pick Administration, and finally click Router Update. The router may receive the file once it has been uploaded.
The firmware update may be downloaded to the Netgear router instead for most of these models. Instead of uploading a file from your computer, you may check for updates by using the online administration interface as described in the previous paragraph and clicking the appropriate button.
The Thing About Disney Circle Application
The Netgear Nighthawk and Orbi mesh routers, some of which were already in customers’ homes, received the Disney-designed Circle parental-control capability as an optional add-on feature in 2017. In early 2019, Netgear released its own in-house parental-control software for the Orbi and newer Wi-Fi 6 Nighthawks, while the Circle service would be phased off for previous Nighthawk devices by the end of 2020.
The hitch is that if you own one of the affected routers, the susceptible Circle software is already installed on your device, whether or whether you have ever paid the $4.99 per month for the Circle service.
In a blog post, Adam Nichols of the Washington, D.C.-based security company GRIMM noted that the vulnerability exists because the Circle update daemon is allowed to operate by default, even if the router’s parental control capabilities have not been activated. This news was first reported by Bleeping Computer.
While this doesn’t address the root cause, most exploits could have been avoided, and Circle could still be used, by simply turning off the vulnerable code while the app isn’t running. In other words, the issue you’re experiencing is the result of a piece of software that was installed on your device without your knowledge or consent, maybe as a result of a firmware update performed after you purchased the product.
Note: Netgear Security Patches
Over the last several years, we’ve issued many security warnings about Netgear routers, and we expect to issue at least two more this year alone. Thus, we want to restate that, despite the unfavorable headlines, Netgear’s constant approach to discovering, repairing, and exposing its security issues is a Good Thing.
Some other large router manufacturers may not have as many reported security problems, but that’s only because they aren’t disclosing them. At least we have a handle on what to do when our Netgear routers malfunction.
Any device running Windows, Mac, iOS, or Android follows the same basic rules. There is little doubt that the widespread adoption of routine security updates to address vulnerabilities has improved the reliability of all of these gadgets. A router that never gets updated with new firmware is useless.