Netgear leaves vulnerabilities unpatched in Nighthawk router

Gandalf_The_Grey

Level 61
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,050
Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched.

Nighthawk R6700 is a popular dual-bank WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users.

The six flaws were discovered by researchers at cybersecurity company Tenable and could allow an attacker on the network to take complete control of the device.

On top of the aforementioned security issues, Tenable found several instances of jQuery libraries relying on version 1.4.2, which is known to contain vulnerabilities. The researechers also note that the device uses a MiniDLNA is server version with publicly known flaws.

The recently disclosed flaws affect firmware version 1.0.4.120, which is the latest release for the device.

Users are advised to change the default credentials to something unique and strong and follow recommended security practices for more robust defense against malware infections.

Also, check Netgear’s firmware download portal regularly and install new versions as soon as they become available. Turning on automatic updates on your router is also recommended.

The current security report refers to Netgear R6700 v3, which is still under support, not Netgear R6700 v1 and R6700 v2, which have reached end of life. If you are still using the older models, it is recommended to upgrade them.

Tenable disclosed the above issues to the vendor on September 30, 2021, and even though some information exchange in the form of clarifications and suggestions took place afterward, the problems remain unaddressed.