UPDATE 6/22: Nathan Papadopulos, Global Communications and Strategic Partner Marketing at Netgear, got in touch to provide more details regarding the mitigation steps being taken.
The first firmware hotfixes are starting to appear, notably for the R6400 and R6700 routers.
However, these are classed as beta firmware and therefore "could negatively affect the regular operation of your device." But Papadopulos says that "These fixes are targeted at the security issue in question and therefore have minimal impact on other areas of the router code," and that "Netgear always recommends to stay up to date to the latest firmware release." In other words, apply the firmware, as the risks of it negatively impacting your router are very low.
Papadopulos also confirmed that the beta firmware will eventually be replaced with non-beta versions, although no specific timeframe was given as to when it will appear.
Original Story 6/19:
Netgear is facing a race against time to release a patch for 79 of its routers, dating as far back as 2007, after a serious vulnerability was discovered in their firmware.
It is so serious, in fact, that a hacker is able to remotely take control of your router.
As ZDNet reports, the security flaw was discovered by two researchers independently.
The first is Adam Nichols, lead of the Software Application Security team at GRIMM.
The second is a researcher known only as d4rkness, who works for the Vietnamese ISP VNPT.
Nichols detailed the vulnerability on the GRIMM blog, but only after giving Netgear several months' notice in which to produce patches for the routers, which the company has yet to do.
The full list of affected router firmware versions has been posted on GitHub and we've also included the router model numbers below.
The vulnerability stems from the web server Netgear uses on its routers, which Nichols explains "has had very little testing" and unsurprisingly is therefore open to exploitation.
In this case, Netgear isn't properly validating user input for its administration panel; it isn't using "stack cookies," which protect against buffer overflow attacks; and the web server code isn't compiled as a Position-independent Executable (PIE), so it can't take full advantage of address space layout randomization (ASLR), which again protects against buffer overflow attacks.
When you put all that together, the result is a router that can be exploited remotely using nothing more than crafted malicious HTTP requests.
In total, some 758 different firmware versions, which Netgear has used across 79 different router models for the past 13 years, contain the vulnerability.
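As an added example (not from the original article, GRIMM or Netgear), the Python audit below checks a binary extracted from a firmware image for the two missing hardening measures described above: PIE and stack cookies. The function names and sample headers are constructed for illustration, and the stack-cookie check is a heuristic that looks for the `__stack_chk_fail` symbol name the compiler's stack protector imports.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3  # ELF e_type: fixed-address executable vs. position-independent

def audit_elf(data: bytes) -> dict:
    """Report whether an ELF image is PIE and references the stack-protector handler."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # e_ident[EI_DATA]: 1 = little-endian, 2 = big-endian (common on MIPS routers)
    if data[5] not in (1, 2):
        raise ValueError("unknown ELF byte order")
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        "bits": {1: 32, 2: 64}.get(data[4]),
        # For a program such as a web server, ET_DYN means it was built as PIE.
        "pie": e_type == ET_DYN,
        # Heuristic: protected binaries import __stack_chk_fail, so the name
        # shows up in their string table.
        "stack_cookies": b"__stack_chk_fail\x00" in data,
    }

def findings(report: dict) -> list:
    """Turn an audit report into human-readable hardening gaps."""
    out = []
    if not report["pie"]:
        out.append("not PIE: code loads at a fixed address, so ASLR cannot relocate it")
    if not report["stack_cookies"]:
        out.append("no __stack_chk_fail reference: stack cookies appear to be absent")
    return out

def sample_elf(e_type: int, big_endian: bool = False, extra: bytes = b"") -> bytes:
    """Constructed sample: a bare 32-bit ELF header, not a real firmware binary."""
    endian = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + bytes(9)
    return ident + struct.pack(endian + "H", e_type) + bytes(34) + extra

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit real files, e.g. a web server binary unpacked from firmware
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                rep = audit_elf(fh.read())
            print(path, rep, findings(rep))
    else:  # no arguments: run against the constructed samples
        for blob in (sample_elf(ET_EXEC, big_endian=True),
                     sample_elf(ET_DYN, extra=b"\x00__stack_chk_fail\x00")):
            rep = audit_elf(blob)
            print(rep, findings(rep))
```

A binary that reports both findings has neither of the mitigations the paragraph above describes, which is what makes a stack buffer overflow in it straightforward to turn into code execution.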
Nichols managed to craft an exploit for each of the 758 vulnerable firmware images and tested 28 to ensure they worked as expected.
Netgear was informed of the vulnerability on Jan 8 this year and then requested more time to produce patches before details of the vulnerability were made public.
Netgear's extended time ran out on June 15, and now the details are being released.
Netgear's request to extend its time to the end of June was declined, but hopefully that means patches will appear within the next couple of weeks.
The affected router models include:
AC1450
D6220
D6300
D6400
D7000v2
D8500
DC112A
DGN2200
DGN2200v4
DGN2200M
DGND3700
EX3700
EX3800
EX3920
EX6000
EX6100
EX6120
EX6130
EX6150
EX6200
EX6920
EX7000
LG2200D
MBM621
MBR624GU
MBR1200
MBR1515
MBR1516
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6250
R6300
R6300v2
R6400
R6400v2
R6700
R6700v3
R6900
R6900P
R7000
R7000P
R7100LG
R7300
R7850
R7900
R8000
R8300
R8500
RS400
WGR614v8
WGR614v9
WGR614v10
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3100RP
WN3500RP
WNCE3001
WNDR3300
WNDR3300v2
WNDR3400
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR834Bv2
WNR1000v3
WNR2000v2
WNR3500
WNR3500v2
WNR3500L
WNR3500Lv2
XR300