
79 Netgear Routers Vulnerable to Serious Security Flaw

758 different firmware versions are vulnerable to a remote attack, and Netgear has yet to release security patches.

June 19, 2020

UPDATE 6/22: Nathan Papadopulos, Global Communications and Strategic Partner Marketing at Netgear, got in touch to provide more details regarding the mitigation steps being taken.

The first firmware hotfixes are starting to appear, notably for the R6400 and R6700 routers. However, these are classed as beta firmware and therefore "could negatively affect the regular operation of your device." But Papadopulos says that "These fixes are targeted at the security issue in question and therefore have minimal impact on other areas of the router code," and that "Netgear always recommends to stay up to date to the latest firmware release." In other words, apply the firmware, as the risk of it negatively impacting your router is very low.

Papadopulos also confirmed that the beta firmware will eventually be replaced with non-beta versions, although no specific timeframe was given for when those will appear.

Original Story 6/19:
Netgear is facing a race against time to release a patch for 79 of its routers dating as far back as 2007 after a serious vulnerability was discovered in their firmware. So serious, in fact, that an attacker can remotely take control of the router.

As ZDNet reports, the security flaw was discovered independently by two researchers. The first is Adam Nichols, lead of the Software Application Security team at GRIMM. The second is a researcher known only as d4rkness, who works for the Vietnamese ISP VNPT. Nichols detailed the vulnerability on the GRIMM blog, but only after giving Netgear several months' notice in which to produce patches for the routers, which the company has yet to do. The full list of affected router firmware versions has been posted on GitHub, and we've also included the router model numbers below.

The vulnerability stems from the web server Netgear uses on its routers, which Nichols explains "has had very little testing" and is therefore, unsurprisingly, open to exploitation. In this case, Netgear isn't properly validating the user input for its administration panel; it isn't using "stack cookies," which protect against buffer overflow attacks; and the web server code isn't compiled as a position-independent executable (PIE), so it can't take full advantage of address space layout randomization (ASLR), which again protects against buffer overflow attacks.

When you put all that together, the result is a router that can be exploited remotely using nothing more than crafted malicious HTTP requests. In total, some 758 different firmware versions contain the vulnerability, which Netgear has used across 79 different router models for the past 13 years.
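As an added illustration (not code from the PCMag article or from GRIMM's analysis), the Python script below reads an ELF header to report the two build mitigations the article says are absent, PIE and stack cookies, so a firmware image's extracted web server binary can be audited for them. The sample ELF images it builds are constructed for offline testing, and the `__stack_chk_fail` string search is an assumed heuristic for how stack-protector builds appear.

```python
import struct

# ELF e_type values: ET_EXEC is a fixed-address executable, ET_DYN is
# position-independent (PIE) or a shared object.
ET_EXEC, ET_DYN = 2, 3
EM_MIPS = 8  # common CPU architecture in consumer routers


def parse_elf_header(data: bytes) -> dict:
    """Read class, byte order and e_type from the ELF identification header."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    endian = "<" if ei_data == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {"bits": 32 if ei_class == 1 else 64,
            "big_endian": ei_data == 2, "e_type": e_type}


def check_mitigations(data: bytes) -> dict:
    """Report whether a binary was built with PIE and the stack protector."""
    hdr = parse_elf_header(data)
    # ET_DYN also covers shared libraries, so run this on the main executable
    # (e.g. the extracted httpd), not on every .so in the firmware.
    pie = hdr["e_type"] == ET_DYN
    # Heuristic (assumption): -fstack-protector builds import __stack_chk_fail,
    # whose name therefore appears in the binary's string table.
    canary = b"__stack_chk_fail" in data
    missing = [m for m, ok in (("PIE", pie), ("stack protector", canary)) if not ok]
    return {**hdr, "pie": pie, "stack_protector": canary, "missing": missing}


def make_sample_elf(big_endian: bool, e_type: int, with_canary: bool) -> bytes:
    """Constructed 32-bit ELF header plus a fake string table, for offline testing."""
    endian = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1, 0]) + b"\x00" * 8
    # e_type, e_machine, e_version; the remaining ELF32 header fields are zero padding
    rest = struct.pack(endian + "HHI", e_type, EM_MIPS, 1) + b"\x00" * 28
    strtab = b"\x00__stack_chk_fail\x00" if with_canary else b"\x00"
    return ident + rest + strtab


if __name__ == "__main__":
    unhardened = make_sample_elf(big_endian=True, e_type=ET_EXEC, with_canary=False)
    hardened = make_sample_elf(big_endian=True, e_type=ET_DYN, with_canary=True)
    for name, img in (("unhardened httpd", unhardened), ("hardened httpd", hardened)):
        print(name, check_mitigations(img))
```

On a real firmware image, run `check_mitigations(open(path, "rb").read())` on the extracted web server binary; an empty `missing` list means both mitigations are present, though the string heuristic can miss statically linked builds.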

Nichols managed to craft an exploit for each of the 758 vulnerable firmware images and tested 28 to ensure they worked as expected. Netgear was informed of the vulnerability on Jan 8 this year and then requested more time to produce patches before details of the vulnerability were made public. Netgear's extended time ran out on June 15, and now the details are being released. Netgear's request to extend its time to the end of June was declined, but hopefully that means patches will appear within the next couple of weeks.

The affected router models include:

  • AC1450
  • D6220
  • D6300
  • D6400
  • D7000v2
  • D8500
  • DC112A
  • DGN2200
  • DGN2200v4
  • DGN2200M
  • DGND3700
  • EX3700
  • EX3800
  • EX3920
  • EX6000
  • EX6100
  • EX6120
  • EX6130
  • EX6150
  • EX6200
  • EX6920
  • EX7000
  • LG2200D
  • MBM621
  • MBR624GU
  • MBR1200
  • MBR1515
  • MBR1516
  • MBRN3000
  • MVBR1210C
  • R4500
  • R6200
  • R6200v2
  • R6250
  • R6300
  • R6300v2
  • R6400
  • R6400v2
  • R6700
  • R6700v3
  • R6900
  • R6900P
  • R7000
  • R7000P
  • R7100LG
  • R7300
  • R7850
  • R7900
  • R8000
  • R8300
  • R8500
  • RS400
  • WGR614v8
  • WGR614v9
  • WGR614v10
  • WGT624v4
  • WN2500RP
  • WN2500RPv2
  • WN3000RP
  • WN3100RP
  • WN3500RP
  • WNCE3001
  • WNDR3300
  • WNDR3300v2
  • WNDR3400
  • WNDR3400v2
  • WNDR3400v3
  • WNDR3700v3
  • WNDR4000
  • WNDR4500
  • WNDR4500v2
  • WNR834Bv2
  • WNR1000v3
  • WNR2000v2
  • WNR3500
  • WNR3500v2
  • WNR3500L
  • WNR3500Lv2
  • XR300


About Matthew Humphries

Senior Editor
