Netgear R6700v3 Vulnerable Third-Party Component Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Netatalk library that is installed on NETGEAR R6700v3 routers. The issue results from the use of an outdated version of Netatalk containing known vulnerabilities. An attacker can leverage this vulnerability to execute code in the context of root.

NETGEAR has issued an update to correct this vulnerability.

NETGEAR has released fixes for these vulnerabilities on the following product models:

Fixed Wireless

  • R7100LG fixed in firmware version 1.0.0.76

Routers

  • R6400 fixed in firmware version 1.0.1.78
  • R6400v2 fixed in firmware version 1.0.4.126
  • R6700v3 fixed in firmware version 1.0.4.126

Wireless

  • DC112A fixed in firmware version 1.0.0.64

More details can be found at:
https://kb.netgear.com/000064719/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0321
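
The fixed-version list above can be turned into an inventory check, shown here as an added example that is not part of the original advisory or any NETGEAR tooling. The firmware string format with a `V` prefix and `_...` suffix, the status labels and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed firmware versions, copied from the list above (model names upper-cased).
FIXED = {
    "R7100LG": "1.0.0.76",
    "R6400": "1.0.1.78",
    "R6400V2": "1.0.4.126",
    "R6700V3": "1.0.4.126",
    "DC112A": "1.0.0.64",
}

def parse_version(text):
    """Return the leading dotted version as a tuple of ints.

    Accepts "1.0.4.126" or "V1.0.4.120_10.0.91" (the "V" prefix and "_..."
    suffix are an assumed reporting format); only the part before "_" is used.
    """
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def audit(model, firmware):
    """Classify one device as 'patched', 'needs-update' or 'not-listed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"  # model is not in the list above
    # Tuples compare numerically per component, so 1.0.4.98 < 1.0.4.126
    # (a plain string comparison would order these the wrong way round).
    if parse_version(firmware) >= parse_version(fixed):
        return "patched"
    return "needs-update"

# Constructed sample inventory (hypothetical devices, not from the advisory).
INVENTORY = [
    ("R6700v3", "V1.0.4.120_10.0.91"),
    ("R6700v3", "1.0.4.126"),
    ("R6400", "1.0.1.98"),
    ("R6400v2", "1.0.4.98"),
    ("R7000", "1.0.11.100"),
]

def audit_inventory(devices=INVENTORY):
    """Return (model, firmware, status) for every device in the inventory."""
    return [(m, fw, audit(m, fw)) for m, fw in devices]

if __name__ == "__main__":
    for model, fw, status in audit_inventory():
        print(f"{model:8} {fw:22} {status}")
```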

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
