Security Vulnerabilities Strike 50 Models of Netgear Routers

Saturday, March 7th, 2020 (7:31 am)

Once again, almost 50 different models of broadband wireless routers, WiFi range extenders and gateways from Netgear, including some of their more recent kit (mostly within the D6000, R6000, R7000, R8000, PR2000, R9000 and XR500 families), have been hit by a string of new security vulnerabilities.

The flaws vary in severity, and the company has already released firmware updates so that customers can patch them ASAP. The first one (PSV-2019-0076) is a critical ‘Unauthenticated Remote Code Execution’ bug on their R7800 router (firmware versions prior to 1.0.2.68).

On top of that, the same R7800 model, as well as a mass of other Netgear routers in the D6000, R6000, R7000, R8000, R9000 and XR500 families, is also affected by a ‘Post-Authentication Command Injection’ (PSV-2018-0352) flaw. This one is rated ‘high’ rather than ‘critical’ for severity, and should also be patched ASAP.

Sadly, we’re not finished yet. A ‘Pre-Authentication Command Injection’ (PSV-2019-0051) flaw was found to affect several models of Netgear router within the R6000 and R7000 families (rated ‘high’ for severity), while a less serious ‘Authentication Bypass’ (PSV-2018-0570) vulnerability (rated ‘medium’ for severity) was found to impact various other router and gateway models in the same families, plus the PR2000 and JR6150.

Long story short, if you have any one of the models listed below (credits to Tom’s Guide) then hop along to the Netgear website and get the latest March 2020 firmware releases. Otherwise you risk your kit and network being broken into by amateur hackers or automated spammers intent upon stealing data, hijacking your computers or all sorts of other malicious things.

Modem/routers:

D6200, D6220, D6400, D7000, D7000v2, D7800, D8500

Range extenders:

PR2000

Routers:

JR6150, R6120, R6220, R6230, R6250, R6260, R6400, R6400v2, R6700, R6700v2, R6700v3, R6800, R6900, R6900P, R6900v2, R7000, R7000P, R7100LG, R7300DST, R7500v2, R7800, R7900, R7900P, R8000, R8000P, R8300, R8500, R8900, R9000, RAX120, RBR20 (Orbi), RBS20 (Orbi), RBK20 (Orbi), RBR40 (Orbi), RBS40 (Orbi), RBK40 (Orbi), RBR50 (Orbi), RBS50 (Orbi), RBK50 (Orbi), XR500, XR700

5 Responses
  1. Mel says:

    Surprise, surprise, Not!

    1. chris.london says:

      No reason to panic. As far as I can tell these vulnerabilities were mostly patched ages ago. E.g. only XR500s running firmware versions prior to 2.3.2.32 are affected. That firmware is dated 9 July 2018.

    2. Phil says:

      Agree with Chris – just checked my router (d6400) and already running the needed firmware that was released last year.

  2. CarlT says:

    I picked good timing to move the R9000 that was on WAN detail back to access point detail behind a router/firewall.

    1. Steve says:

      If you’ve got a R9000 (or R7800) then I highly recommend using Voxel’s firmware for better performance (these vulnerabilities were fixed yonks ago in Voxel’s fw). Upon request he can also add features which are missing from stock fw.

      http://www.voxel-firmware.com

      Discussion on SNB:

      https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-38-1hf.62549/


Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved