Due to the impact of the ongoing COVID-19 crisis, many companies and organizations in the Philippines are already considering telecommuting, most commonly known as work-from-home, as an alternate option to continue their day-to-day business operations. This makes work-from-home employees more vulnerable to attacks, as home routers are typically installed with their default settings and without an additional security appliance, which may pose a threat to their organization.

Multiple Netgear router models, some of which are used as home routers, have been identified as containing vulnerabilities that may be exploited by remote attackers to take control of an affected device. Seventy-nine (79) Netgear devices have been found to be affected, some of which have reached end-of-life (EOL), as follows:

___________________________________

A. Nature of Attack

Systems affected by this vulnerability:

Netgear Routers:

• AC1450
• D6220
• D6300
• D6400
• D7000v2
• D8500
• DC112A
• DGN2200
• DGN2200M
• DGN2200v4
• DGND3700
• EX3700
• EX3800
• EX3920
• EX6000
• EX6100
• EX6120
• EX6130
• EX6150
• EX6200
• EX6920
• EX7000
• LG2200D
• MBM621
• MBR1200
• MBR1515
• MBR1516
• MBR624GU
• MBRN3000
• MVBR1210C
• R4500
• R6200
• R6200v2
• R6250
• R6300
• R6300v2
• R6400
• R6400v2
• R6700
• R6700v3
• R6900
• R6900P
• R7000
• R7000P
• R7100LG
• R7300
• R7850
• R7900
• R8000
• R8300
• R8500
• RS400
• WGR614v10
• WGR614v8
• WGR614v9
• WGT624v4
• WN2500RP
• WN2500RPv2
• WN3000RP
• WN3100RP
• WN3500RP
• WNCE3001
• WNDR3300
• WNDR3300v2
• WNDR3400
• WNDR3400v2
• WNDR3400v3
• WNDR3700v3
• WNDR4000
• WNDR4500
• WNDR4500v2
• WNR1000v3
• WNR2000v2
• WNR3500
• WNR3500L
• WNR3500Lv2
• WNR3500v2
• WNR834Bv2
• XR300

___________________________________

B. Actions to be Taken

CERT-PH encourages router owners to check their devices and keep them updated to the latest version and, if possible, to replace EOL devices, as manufacturers are unlikely to provide any further support or updates for them. In addition, work-from-home employees must understand the importance of home router security and improve their cybersecurity practices. As such, CERT-PH also recommends:

  • Use a strong and unique WiFi password.
  • Check the devices connected to the router and make sure that there are no unrecognized devices on the list; if there are, immediately disconnect them.
  • Configure the router to hide the WiFi’s SSID from others, making it undetectable.
  • Do not share the WiFi password with visitors; if that is not practical, configure a guest network for others to connect to.
  • Periodically monitor the router’s activity logs to check for any odd or irregular actions.
  • If unknown or unauthorized activity is discovered, immediately change the router’s admin account password and the WiFi password, change the WiFi’s SSID and turn off SSID broadcast, block the unknown device, and conduct further investigation and monitoring.