A security researcher from Tenable claims to have discovered several security flaws in the Nighthawk R6700v3 WiFi router. After successful attacks, attackers could see unencrypted passwords or, under certain conditions, even execute malicious code with root rights.
A report by the security researcher states that there is still no security update for the vulnerable 1.0.4.120 firmware. In a current warning message from Netgear about the firmware 1.0.4.122 for the R6400v2 and R6700v3 models, Tenable’s security researcher is mentioned in the context of closed loopholes. However, since no CVE numbers for the vulnerabilities appear in the report, one can only assume that the vulnerabilities have been closed. The answer to a request from heise Security to Netgear is still pending.
Netgear states that they also have loopholes in the Firmware 1.0.5.106 have closed for the following models:
- RAX35v2
- RAX38v2
- RAX40v2
- RAX42
- RAX43
- RAX45
- RAX48
- RAX50
- RAX50S
Hazardous effects
Overall, the risk emanating from the gaps is considered to be “high“Since the web interface uses HTTP as standard for communication, attackers could target two vulnerabilities (CVE-2021-20174, CVE-2021-20175) to intercept usernames and passwords in plain text.
If an attacker has physical access to a vulnerable device and can connect to the UART port, it is even conceivable that malicious code could be executed with root rights (CVE-2021-23147). In addition, attackers could subvert devices with an update prepared with malicious code (CVE-2021.20173).
(of)