Netgear routers are vulnerable to a very old security flaw

The DNS rebinding flaws that these routers have date back to models the company put out as early as 2007. That means this issue has been lurking in the background for a very long time.

It was recently brought to light by the Vietnamese security company GRIMM and an independent security researcher known only as d4rkn3ss. Both confirm that these potentially fatal security flaws are centered around the remote management capabilities of the routers in question.

Unfortunately, many of the impacted routers have reached their end of support life so no fix is coming. Refer to the extensive list below. If you have one of the affected routers, be sure to keep an eye out for a security patch from Netgear.

 

Let's talk about use of these routers for business

These are the inexpensive routers with slow processors and simple firewall capabilities. First, understand that there are multiple functions being slapped on these units. Some have DSL modems, and some don't. Others have Wi-Fi built in, and some don't. Some have VPN, some have remote management functionality, some allow sharing of Internet as "guest", and some have router functions, and some don't. They all have firewall functionality. They should all be called firewalls because that is the common functionality, but in the old days, when high-end routers were needed on most business networks and the manufacturers started adding additional functionality, the term router stuck to the box and everything else was built in.

The firewall functionality is by far the most important part of the box, and it requires high-powered CPUs and full-function software. This is fairly expensive. So soon consumer routers were created that could lock the door on your home network, but any competent hacker or malware can readily break into your home network. And that's okay because you don't have much to lose on your home network. Until you do.

In the world of remote work, you often have your business network, in the form of a laptop, sitting in your kitchen. You now have your low-cost, low-end router defending your corporate Intellectual Property (IP), your Enterprise Resource Management (ERP) system, your Customer Relationship Management (CRM) system, and your financial systems. All of your employees working at home with $50 routers are the weakest link in your castle walls. The makers of ransomware are salivating.

Anyway, we are not at the worst news yet...

 

Older Netgear routers aren't going to get fixed

If you have an older piece of equipment that isn't slated for additional security fixes, here is the solution. Your best bet is to use the browser-based interface to access your router and be sure that its remote management feature is set to "disabled." The best thing to do is to lock down the routers. But if you have no remote management, how do your IT resources deal with it?

Note, however, that this will not offer bulletproof protection. Someone with physical access to your network could still exploit the issue, but disabling remote administration does go a long way in terms of protecting you and your network.

Here is the complete list of impacted Netgear routers:

  • D6300, firmware version 1.0.0.90 and 1.0.0.102
  • DGN2200, firmware version 1.0.0.58
  • DGN2200M, firmware version 1.0.0.35 and 1.0.0.37
  • DGN2200v4, firmware version 1.0.0.102
  • R6250, firmware versions 1.0.4.36 and 1.0.1.84
  • R6300v2, firmware version 1.0.3.6CH, 1.0.3.8, and 1.0.4.32
  • R6400, firmware version 1.0.1.20, 1.0.1.36, and 1.0.1.44
  • R7000, firmware versions 9.88, 9.64, 9.60, 9.42, 9.34, 9.18, 9.14, 9.12, 9.10, 9.6, and 8.34
  • R8000, firmware version 1.0.4.18, 1.0.4.46
  • R8300, firmware version 1.0.2.128 and 1.0.2.130
  • R8500, firmware version 1.0.0.28
  • WGR614v9, firmware version 1.2.32NA
  • WGR614v10, firmware version 1.0.2.66NA
  • WGT624v4, firmware version 2.0.12NA and 2.0.13.2
  • WN3000RP, firmware versions 1.0.2.64 and 1.0.1.18
  • WNDR3300, firmware versions 1.0.45, 1.0.45NA, and 1.0.14NA
  • WNDR3400, firmware versions 1.0.0.52 and 1.0.0.38
  • WNDR3400v2, firmware versions 1.0.0.54 and 1.0.0.16
  • WNDR3400v3, firmware versions 1.0.1.24 and 1.0.0.38
  • WNDR3700v3, firmware versions 1.0.0.42, 1.0.0.38, and 1.0.0.18
  • WNDR4000, firmware versions 1.0.2.10, 1.0.2.4, and 1.0.0.82
  • WNDR4500v2, firmware versions 1.0.0.60 and 1.0.0.72
  • WNR1000v3, firmware version 1.0.2.72
  • WNR2000v2, firmware versions 1.2.0.8, 1.2.0.4NA, and 1.0.0.40
  • WNR3500, firmware version 1.0.36NA
  • WNR3500L, firmware versions 1.2.2.48NA, 1.2.2.44NA, and 1.0.2.50
  • WNR3500Lv2, firmware version 1.2.0.56
  • And WNR834Bv2, firmware version 2.1.13NA

 

My perspective

If you have one of these routers, consider upgrading. Stay on guard. But the best thing is to get a small business IT service provider who works with these products every day to give you the options.

 

You might feel a bit like NASA's Jim Lovell, saying:

"Houston, we have a problem"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support


I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 
