Remote Code Execution Vulnerability in NETGEAR Routers

Published on 23 Sep 2021

Updated on 23 Sep 2021

NETGEAR has released security updates to address a remote code execution vulnerability (CVE-2021-40847) in their routers. This vulnerability could allow a remote attacker to take control of an affected system via a man-in-the-middle (MiTM) attack.

 

This vulnerability affects NETGEAR product models R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7850, R7900, R8000 and RS400. 

 

Users and administrators of the affected product models are advised to upgrade to the latest firmware immediately.  

 

More information is available here:
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/netgear-releases-security-updates-rce-vulnerability

https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-2021-0204
https://threatpost.com/netgear-soho-security-bug-rce/174921/