Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking company Netgear alerted users about a critical remote code execution (RCE) vulnerability, identified as CVE-2021-40847 (CVSS score: 8.1), affecting various router models. This weakness could allow remote attackers to gain control of affected systems. Netgear has released firmware updates to address the issue for the following models:

  • R6400v2 (version 1.0.4.120)
  • R6700 (version 1.0.2.26)
  • R6700v3 (version 1.0.4.120)
  • R6900 (version 1.0.2.26)
  • R6900P (version 3.3.142_HOTFIX)
  • R7000 (version 1.0.11.128)
  • R7000P (version 1.3.3.142_HOTFIX)
  • R7850 (version 1.0.5.76)
  • R7900 (version 1.0.4.46)
  • R8000 (version 1.0.4.76)
  • RS400 (version 1.5.1.80)

Security researcher Adam Nichols from GRIMM noted that the vulnerability is linked to Circle, a third-party component integrated into the router firmware.

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking equipment manufacturer Netgear announced the release of crucial patches to address a high-severity remote code execution vulnerability that could allow unauthorized attackers to gain control over affected routers. This vulnerability, assigned the identifier CVE-2021-40847 and carrying a CVSS score of 8.1, impacts a range of popular router models, including the R6400v2, R6700, and R7000 series, among others.

The issue has been traced to a third-party component known as Circle, integrated within the router’s firmware. Security experts emphasize that this flaw could be exploited remotely, making it a significant concern for businesses relying on these devices for their networking infrastructure. The specific impacted models, along with their corresponding firmware versions that rectify the vulnerability, include the R6400v2 (fixed in version 1.0.4.120), the R6700 (version 1.0.2.26), and the R7000 (version 1.0.11.128), to name a few.

According to Adam Nichols, a security researcher at GRIMM, the implications of this vulnerability extend beyond individual devices. If exploited, it could compromise not only the integrity of individual routers but potentially the security posture of entire networks. This is particularly critical for businesses that utilize these routers, as it could lead to unauthorized data access and control over sensitive network resources.

The nature of this vulnerability aligns with several tactics described in the MITRE ATT&CK framework, which is used to categorize and understand adversary behaviors in cybersecurity incidents. Initial access tactics may apply here, as attackers might exploit this weakness to gain footholds within corporate networks. Subsequent activities could manifest as privilege escalation, allowing malicious actors to deepen their control once they have infiltrated the system.

Business owners should be acutely aware of the risks associated with using vulnerable networking hardware. Given that remote code execution vulnerabilities are often targeted by cyber adversaries, the stakes are particularly high. The remediation offered through updated firmware is a critical step in mitigating these risks, but organizations must also remain vigilant. Proper security hygiene, including regular updates and monitoring of network activity, is essential to safeguard against potential exploitation.

As the cybersecurity landscape continues to evolve, understanding vulnerabilities like CVE-2021-40847 becomes paramount for decision-makers. The potential for such flaws to be exploited underlines the importance of maintaining robust cybersecurity practices. Organizations are encouraged to prioritize timely updates and consider comprehensive assessments of their network security configurations.

In light of this incident, Netgear’s proactive response serves as a reminder of the necessity for continuous vigilance in the face of increasingly sophisticated cyber threats. Cybersecurity remains a collective responsibility, requiring ongoing attention from all stakeholders involved in maintaining the security of digital infrastructure.

Source link

Related Posts

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

Cisco Issues Patches for Three Critical Vulnerabilities in IOS XE Software

On September 24, 2021, Cisco Systems announced the release of patches to address three critical security vulnerabilities in its IOS XE network operating system. These flaws could allow remote attackers to execute arbitrary code with administrative privileges and potentially trigger a denial-of-service (DoS) condition on affected devices. The identified vulnerabilities are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most critical issue, CVE-2021-34770, is described by Cisco as a “logic error” occurring during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, which allows a central wireless controller to manage access points.

SonicWall Releases Critical Patches for Vulnerability in SMA 100 Series Devices

On September 25, 2021, SonicWall, a network security firm, addressed a serious security vulnerability identified in its Secure Mobile Access (SMA) 100 series appliances. This flaw allows remote, unauthorized attackers to gain administrative access to the affected devices. Designated as CVE-2021-20034, the issue involves arbitrary file deletion and has a critical CVSS score of 9.1 out of 10. Exploiting this vulnerability could enable an adversary to bypass path traversal checks, leading to deletion of files and a reset of the device to factory settings. SonicWall indicated that the vulnerability stems from inadequate file path restrictions, potentially allowing arbitrary file deletions. Fortunately, the company noted that there are currently no signs of exploitation in the wild. SonicWall also acknowledged Wenxu Yin of Alpha Lab, Qihoo 360, for reporting this security concern, which affects the SMA 100 Series, including models like SMA 200 and SMA 210.