Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router. At publishing time the flaws remain unpatched.
Nighthawk R6700 is a popular dual-bank WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users.
The six flaws were discovered by researchers at cybersecurity company Tenable and could allow an attacker on the network to take complete control of the device:
On top of the aforementioned security issues, Tenable found several instances of jQuery libraries relying on version 1.4.2, which is known to contain vulnerabilities. The researechers also note that the device uses a MiniDLNA is server version with publicly known flaws.
The recently disclosed flaws affect firmware version 184.108.40.206, which is the latest release for the device.
Users are advised to change the default credentials to something unique and strong and follow recommended security practices for more robust defense against malware infections.
Also, check Netgear’s firmware download portal regularly and install new versions as soon as they become available. Turning on automatic updates on your router is also recommended.
The current security report refers to Netgear R6700 v3, which is still under support, not Netgear R6700 v1 and R6700 v2, which have reached end of life. If you are still using the older models, it is recommended to replace them.
Tenable disclosed the above issues to the vendor on September 30, 2021, and even though some information exchange in the form of clarifications and suggestions took place afterward, the problems remain unaddressed.
We have reached out to Netgear asking for a comment on the above, and we will add an update to this story as soon as we hear back from them.