Netgear fixes a fatal bug found on several popular routers

Netgear has fixed a high-severity Remote Code Execution (RCE) vulnerability in the Circle parental control service on several Netgear Small Office / Home Office (SOHO) routers. What makes this vulnerability particularly interesting is that, although it exists in a third-party component included in the firmware, it is just as harmful as a vulnerability in Netgear's kernel firmware, because Circle runs with root privileges.

“The Circle update daemon containing the vulnerability is enabled to run by default, even if you have not configured your router to use parental control features. While this does not resolve the underlying issue, simply disabling the vulnerable code when Circle is not in use would have prevented the exploit on most devices,” notes Adam Nichols, a researcher at GRIMM Cybersecurity Experts. Nichols suggests that the vulnerability serves as a warning and helps demonstrate the importance of reducing the attack surface.

Do not talk to strangers

Under normal circumstances, a simple mitigation for the vulnerability in Circle (registered as CVE-2021-40847) would have been to disable the service. However, that would not work here, because the vulnerability actually exists in the circled update daemon, which is also enabled by default. In the article, Nichols explains that the update process relies on fetching unsigned updates over the unencrypted HTTP protocol. He explains that an attacker can hijack the update process using a Man-in-the-Middle (MitM) attack, which would allow them to run code as root on the device. While Netgear has posted solutions to resolve the issue, GRIMM recommends the use of a VPN to mitigate the risk posed by compromised network routers.
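
The two checks the update process described above lacks, TLS-only transport and a signature verified against a key shipped in the firmware, are sketched below as an added example. It is not Netgear's or Circle's code and not the published fix. The function names, file names and the updates.example.invalid host are assumptions made for illustration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example, not Netgear's or Circle's code. File names, URLs and keys
# are constructed; assumes the openssl CLI is installed.

# Refuse any update source that is not TLS-protected.
url_is_acceptable() {
    case "$1" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# verify_update PUBKEY SIGNATURE PAYLOAD
# Succeeds only if SIGNATURE is a valid ECDSA/SHA-256 signature over PAYLOAD.
verify_update() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# apply_update URL PUBKEY SIGNATURE PAYLOAD
# Prints the decision; an updater would install PAYLOAD only on "accepted".
apply_update() {
    url_is_acceptable "$1" || { echo "rejected: plaintext transport"; return 1; }
    verify_update "$2" "$3" "$4" || { echo "rejected: bad signature"; return 1; }
    echo "accepted"
}

# Build constructed demo data in a temporary directory.
demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    # Vendor side: the private key stays offline, only pub.pem ships in firmware.
    openssl ecparam -name prime256v1 -genkey -noout -out "$DEMO_DIR/vendor.key" 2>/dev/null
    openssl ec -in "$DEMO_DIR/vendor.key" -pubout -out "$DEMO_DIR/pub.pem" 2>/dev/null
    printf 'filter database v2 (constructed sample)\n' > "$DEMO_DIR/update.bin"
    openssl dgst -sha256 -sign "$DEMO_DIR/vendor.key" \
        -out "$DEMO_DIR/update.sig" "$DEMO_DIR/update.bin"
    # Payload whose bytes changed in transit; the signature no longer matches.
    printf 'modified in transit (constructed sample)\n' > "$DEMO_DIR/tampered.bin"
}

demo_setup
U=updates.example.invalid/db   # placeholder host, not a real update server
apply_update "https://$U" "$DEMO_DIR/pub.pem" "$DEMO_DIR/update.sig" "$DEMO_DIR/update.bin" || true
apply_update "http://$U" "$DEMO_DIR/pub.pem" "$DEMO_DIR/update.sig" "$DEMO_DIR/update.bin" || true
apply_update "https://$U" "$DEMO_DIR/pub.pem" "$DEMO_DIR/update.sig" "$DEMO_DIR/tampered.bin" || true
```

The signature check is the one that matters if the transport is intercepted: a payload altered on the path fails verification even when it arrives from the expected URL.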