Damn kids. Due to optional parental controls that didn't appear to be that optional, nearly a dozen widely used Netgear home WiFi router models have a serious security vulnerability and need to be patched.
The affected models are R6400v2, R6700, R6700v3, R6900, R6900P,R7000,R7000P, R7850, R7900,R8000andRS400, most of them in the "Nighthawk" line and physically nearly identical. Firmware updates are now available for all.
- Your Wi-Fi router could tell everyone where you live - what you can do
- ThatThe best wireless routers
- Plus: Any Mac can be hacked with this new bug and there is no fix yet
The flaw can be exploited by an attacker who gains access to your Wi-Fi network, which may not always be as difficult as it seems, and then uses it to take control of your home or small office network and give you to send god-knows-where on the internet.
Since Netgear markets its home routers using somewhat misleading terminology — for example, the R7000 is also dubbed the "Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router" — you might want to turn your router over and check the sticker on the bottom for the real model name.
How to update the firmware of your Netgear router
To update your router's firmware, Netgear'ssecurity advice(opens in new tab)recommends going to the support page athttps://www.netgear.com/support/(opens in new tab), and then enter your model number. From there you will be taken to your model's support page. You can download a zip file to your PC and unzip the file.
Then use your favorite web browser to access your router's management interface (most likely at http://192.168.1.1), click the Advanced tab, select Management and click Router Update. From there you can upload the file to the router.
However, for most of these routers, it is just as easy to download the firmware update directly to the router. Follow the web management interface instructions in the paragraph above and then click the Check for updates button instead of uploading a file from your PC or Mac.
Vulnerable Disney Circle software
The problem here stems from the Disney-designed Circle parental controls feature, which launched in 2017 as an optional add-on feature on Netgear Nighthawk and Orbi mesh routers, some of which are already in customers' homes.
The Orbis and newer Wi-Fi 6 Nighthawks received Netgear-developed parental control software earlier this year, while the Circle service for older Nighthawk models ended in late 2020.
Here's the rub: If you have one of the affected routers, the vulnerable Circle software resides on your device, regardless of whether you've ever incurred the $4.99 monthly fee for the Circle feature.
"The Circle update daemon that contains the vulnerability is enabled by default, even if you haven't configured your router to use parental controls," he explainsAdam Nichols(opens in new tab)D.C.-area security firm GRIMM in a blog post.(Computer piepst(opens in new tab)reported earlier about this story.)
"While it doesn't fix the underlying issue, simply disabling the vulnerable code when not using Circle would have prevented exploitation on most devices."
In other words, you have an issue with software that you probably didn't ask for and may have been introduced into your device via a post-purchase firmware update.
A side note on Netgear security patches
We've co-run many Netgear router security alerts over the past few yearsat least two in 2020. Therefore, we would like to reiterate that Netgear's consistent policy of finding, patching, and releasing security vulnerabilities is a good thing, despite the resulting negative publicity.
The only reason you don't hear about many security flaws from some other major router manufacturers is because they don't tell you about the flaws. At least we know when things go wrong with Netgear routers and how to fix them.
The same principle applies to Windows PCs, Macs, iPhones and Android phones. All of these devices get regular security updates to fix bugs and are all the better for it. You don't want a router that never gets firmware updates.
- Your Router's Security Stinks: Here's How to Fix It
What's going on here?
Cataloged as CVE-2021-40847, this bug was discovered by GRIMM researchers. They noticed that on older Netgear Nighthawk routers there was a circle update daemon or mini-program called "circled" (probably "circle-dee").
After some investigation, they found that the Circle update daemon ran as root, was enabled by default, and could be exploited even when disabled.
"The Circle Parental Control Service update process on various Netgear routers allows remote attackers with network access to gain RCE [Remote Code Execution] as root via a man-in-the-middle (MitM) attack," Nichols wrote on the GRIMM to blog.
According to Nichols, since Netgear's firmware updates are downloaded over plain HTTP and not encrypted, they could theoretically be intercepted, modified, and then passed to the routers in a poisoned form -- a classicMan-in-the-Middle-Angriff.
NETGEAR protects against this by encrypting and digitally signing its firmware update files, making it quite difficult for an attacker to read, modify, or install modified firmware.
Not so circle. Its update file is just a compressed database without any internal protection.
GRIMM showed that it was not difficult to inject malicious code into a Circle update and from there take complete control of a router, which in turn would give the attacker complete control over your home (or small office) Internet traffic.
This may not be entirely Circle's fault. It could be that the firmware update connections are set via their daCircles with DisneyHardware devices have been encrypted, eliminating the need to encrypt the update files as well.
If so, then this new bug could be due to something getting caught between the cracks in the different update models when porting the Circle software to Netgear devices.
The Netgear firmware you want to end up with
Here's a list from the Netgear site of the firmware versions you want on each device.
- R6400v2 fixed in firmware version 18.104.22.168
- R6700 fixed in firmware version 22.214.171.124
- R6700v3 fixed in firmware version 126.96.36.199
- R6900 fixed in firmware version 188.8.131.52
- R6900P fixed in firmware version 3.3.142_HOTFIX
- R7000 fixed in firmware version 184.108.40.206
- R7000P fixed in firmware version 220.127.116.11_HOTFIX
- R7850 fixed in firmware version 18.104.22.168
- R7900 fixed in firmware version 22.214.171.124
- R8000 fixed in firmware version 126.96.36.199
- RS400 fixed in firmware version 188.8.131.52
In the know
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Paul Wagenseil is Senior Editor at Tom's Guide and focuses on security and privacy. He's also been a dishwasher, fryer, truck driver, code monkey, and video editor. He's been poking around at FoxNews.com, SecurityNewsDaily, TechNewsDaily, and Tom's Guide for more than 15 years, has spoken at ShmooCon, DerbyCon, and BSides hacker conferences in Las Vegas, and has appeared on random TV news spots and even hosted one Panel discussion at the CEDIA Home-Technology Conference. You can follow his rants on Twitter at@snd_wagenseil.
More about security
No comments yetComment from the forums
This could lead to hackers stealing sensitive information like passwords and bank account information. Netgear has rated this vulnerability "critical." The malware installation isn't the only flaw in the security of Netgear routers, but it is the most severe.Is NETGEAR owned by China? ›
Netgear, Inc. is an American computer networking company based in San Jose, California, with offices in about 22 other countries.How do I secure my Netgear router? ›
NETGEAR recommends changing the default password to increase the security of your network. Select Wireless Settings from the left side navigation bar. Under Security Options, select WPA-PSK (Wi-Fi Protected Access Pre-Shared Key). In Security Encryption (WPA-PSK) > Passphrase, enter a passphrase.Is NETGEAR anywhere access safe? ›
The Anywhere Access feature in the Nighthawk and Orbi apps uses a secure, authenticated connection through the NETGEAR Cloud and does not open any ports.Can you tell if your router has been hacked? ›
Router login failure
Having trouble logging into your router's admin settings is an immediate sign of having your router hacked. Since passwords can't change themselves, a hacker likely used some kind of password attack to break into your router's settings.
Can a Wi‑Fi router be hacked? It's entirely possible that your router might have been hacked and you don't even know it. By using a technique called DNS (Domain Name Server) hijacking, hackers can breach the security of your home Wi‑Fi and potentially cause you a great deal of harm.Who is NETGEAR owned by? ›
As Netgear grew along with the market it helped to create, control over the company changed hands. In August 1998, Bay Networks sold the company to Nortel Networks Corp., a Canadian firm that ranked as one of the largest makers of telecommunication equipment in the world.Which country owns WiFi? ›
The Owner of the WLAN Patent
One key patent for Wi-Fi technology that has won patent litigation lawsuits and does deserve recognition belongs to the Commonwealth Scientific and Industrial Research Organisation of Australia.
- Avoid the kitchen. ...
- Place your router centrally. ...
- Adjust the antennae. ...
- Avoid walls. ...
- Place it out in the open. ...
- Avoid electronic items. ...
- Don't place it on the floor. ...
- Mirrors and fish tanks.
Most NETGEAR products:
Username for all models: admin. Password for current models: password. Password for older models: 1234.
NETGEAR Armor powered by Bitdefender offers the one-stop Internet security solution built into your WiFI and a bundled bonus of award- winning protection for any device connected to a NETGEAR router.Can someone on my network see what I doing? ›
Yes. The WiFi owner has access to the admin panel from the WiFi router, meaning they can see the browsing information performed on their WiFi network. In addition, routers see log information, including when and what you did on your computer.Can Netgear router track browsing history? ›
Yes, just like the Asus and TP-Link routers, Netgear also keeps logs which are needed for diagnosing any particular issue that happens with the device or network.Can NETGEAR see history? ›
"Netgear routers do not track any user web activity or browsing history except in cases where a user opts in to a service and only to provide information to the user," a Netgear spokesperson said, offering the examples of parental controls that allow you to see the sites your child has visited, or cybersecurity ...Can I check if someone is using my WiFi? ›
Use a Wi-Fi detective app
You can search the app store for options, but one reliable app is called WiFi Guard, available for both iOS and Android. This app gives you a list of all connected devices, which you can scan to see if there are any devices you don't recognize.
A screenshot example of a wireless network that your router could connect to. Every single thing any device in your home does “on the internet” is sent through your router. So, if a hacker takes control of your router, they can theoretically see and/or control everything you do on the internet.Can someone spy on you through WiFi router? ›
Hackers can hack your router, spy on your Wi-Fi connection and even eavesdrop on your conversations to steal personal information such as credit card details, passwords to your social media accounts, and even compromise your online banking apps.How can I see who is accessing my router? ›
You can open your router's management page by typing its IP address in your browser's address bar. Once there, look for an option that sounds like "Attached Devices" or "Client List." This will present you with a similar list as Wireless Network Watcher, but the information may be slightly different.Can you see what someone is doing on their phone through WiFi? ›
Yes. If you use a smartphone to surf the Internet, your WiFi provider or a WiFi owner can see your browsing history. Except for browsing history, they can also see the following information: Apps you were using.Is NETGEAR a good company? ›
Is NETGEAR a good company to work for? NETGEAR has an overall rating of 3.9 out of 5, based on over 333 reviews left anonymously by employees.
Netgear routers are great for people who want to have a reliable and fast internet connection. They also work well with multiple devices, so if you're looking for something that can handle your gaming console or smart TV as well as your laptop, then this is the router for you.Does Amazon own a router company? ›
Amazon says it has officially closed its acquisition of Eero, that independent maker of stupendously easy-to-use internet routers. Amazon purchased the company for an undisclosed sum in a deal that was first announced a month ago.Which country is totally free internet? ›
The number one country with the freest internet in the world, Estonia has become a model for free and open internet access. Over the years, this small country in Northern Europe has invested a lot in its development and is now trying to show the world it is much more than that.Which country is internet free? ›
In 2022, Iceland ranked first in terms of internet freedom worldwide. The country placed first with 95 index points on the Freedom House Index. Each country received a numerical score from 100 (the most free) to 0 (the least free).Who has the best WIFI in the world? ›
Ranked: Fixed Broadband Speeds.
|Rank||Country||Mean download speed (Mbps)|
Over the past three years, we've tested and evaluated almost 70 routers over 360 hours, and we've determined that the best router for wirelessly connecting your laptops, your smart devices, and anything else your daily life depends on is the TP-Link Archer AX50.What is the strongest WiFi router? ›
- Best overall: TP-Link Archer AX90.
- Best for budgets: TP-Link Archer A10.
- Best for gamers: NETGEAR Nighthawk RAX200.
- Best for Wi-Fi 5: ASUS RT-AC88U.
- Best for mesh: Amazon Eero Pro 6.
As a rule of thumb, a Netgear representative told us, consumers should consider replacing their router after three years, and representatives from Google and Linksys said a three-to-five-year window was appropriate. Amazon, which owns the popular Eero brand of routers, put the range at three to four years.How far should I sit away from a WiFi router? ›
While EMF emissions from different routers vary, for most home WiFi routers, a distance of 40 feet (ideally, or 10 feet at a minimum) will help your body and shouldn't impact your WiFi connection too much.Is it better to place router higher or lower? ›
Routers tend to spread their strongest signals downward, so it's best to mount the router as high as possible to maximize coverage. Try placing it high on a bookshelf or mounting it on the wall in an inconspicuous place.
Appliances and electronics like microwaves, baby monitors, cordless phones, and Bluetooth speakers can mess with Wi-Fi signals because they use similar radio frequencies. Try to avoid putting any of these things too close to your router, or you might get some signals crossed.What is the strongest password for Wi-Fi? ›
A strong password is a unique word or phrase a hacker cannot easily guess or crack. Here are the main traits of a reliable, secure password: At least 12 characters long (the longer, the better). Has a combination of upper and lowercase letters, numbers, punctuation, and special symbols.What is the most common default username and password of a router? ›
#2) Generally, for most of the routers, the default username and password is “admin” and “admin”. However, these credentials may vary depending upon the maker of the router.What is the most used Wi-Fi password? ›
- Asus RT-AX88U AX6000.
- Eero Pro 6 Mesh Wi-Fi.
- Netgear Nighthawk R8000.
- TP-Link Archer AX55.
- Synology RT2600ac.
- Gryphon AX Mesh Wi-Fi.
- ASUS AX6000 WiFi 6 Gaming Router (RT-AX88U)
- Linksys WRT AC3200 Dual-Band Open Source Router.
- NETGEAR Nighthawk Smart Wi-Fi Router, R6700 – AC1750.
- NETGEAR 4-Stream WiFi 6 Router (R6700AX)
- TP-Link AC5400.
Nighthawk routers are secured at the network level. This means that through technology like a built-in firewall and Wi-Fi Protected Access (WPA), your Nighthawk router secures your home network from threats like malicious websites and viruses..Is there a way to see all the devices on my network? ›
You can check how many personal devices are connected to your Wi-Fi network in the Google Home app or the Google Wifi app.How do you know what others are browsing on my wifi? ›
Wireshark is a popular packet capturing tool, design especially to see what people are browsing on a network in real-time. Once you start the software, it shows the IP address of all the devices on your network. Simply select the one – you want to monitor and launch the packet capture session.Can someone see my search history if I delete it? ›
Since the confidential history files are actually not gone from your computer after deletion, they can be accessed and recovered by unauthorized parties using free file recovery tools available on the web.
- Launch a web browser from a computer or mobile device that is connected to your router's network.
- Click Enter or tap Search. ...
- Enter the router user name and password. ...
- Select ADVANCED > Administration > Logs. ...
- To refresh the log page, click the Refresh button.
- Use a VPN. Your internet service provider can't see your history when you use a VPN. ...
- Browse with Tor. ...
- Change your DNS settings. ...
- Install HTTPS Everywhere. ...
- Use a privacy-conscious search engine.
- Launch a web browser from a computer or wireless device that is connected to your router's network.
- Enter the router user name and password. ...
- Select ADVANCED > Advanced Setup > Traffic Meter.
- Select the Enable Traffic Meter check box.
- (Optional) Control the volume of Internet traffic.
The information does not include information such as browser history or sites visited. Rather, the data collected includes: information regarding the router's running status, number of devices connected to the router.Why is Netgear not secure? ›
NETGEAR routers use self-signed certificates to encrypt the data that is transferred over these domains. When you enter your router's IP address or domain name in the address field of your browser, a security warning might display because of the self-signed certificate. This is expected behavior.Can a Netgear router get a virus? ›
Yes, a Wi-Fi router can get a virus. Wi-Fi routers are a bridge from your computer or phone to the internet, and they're lucrative targets for cybercriminals. Malware on a router can spread to any device connected to the router.What happens if your WiFi router is hacked? ›
Your router is responsible for managing the connection between your internet-connected devices and your home Wi-Fi. Once your router has been successfully hacked, the third-party can carry out a number of malicious activities including identity theft, malware attacks and website reroutes.How do I make my WiFi completely secure? ›
- Change the default name and password of your home network. ...
- Limit access to your wireless network. ...
- Create a home guest network. ...
- Turn on WiFi network encryption. ...
- Turn on your router firewall. ...
- Turn off your WiFi network when you leave home. ...
- Update your router's firmware.
- Best Overall: Asus RT-AX88U at Amazon. ...
- Best Value: TP-Link Archer AX50 at Amazon. ...
- Best Mesh: Eero Pro at Amazon. ...
- Best Gaming: Asus GT-AX11000 at Amazon. ...
- Best Parental Controls: Synology RT2600ac at Amazon. ...
- Best Design: Netgear Nighthawk RAX80 at Amazon. ...
- Best for Travel: ...
- Best Under $50:
NETGEAR Nighthawk Smart WiFi Router AC1900 (R7000)
Featuring fast Wi-Fi performance, the R7000 is still one of the best secure routers you can get even a few years after being released – and you stand a good chance of picking it up in the sale.
If an unauthorized person wants to see you through your phone's camera, using a spyware app is a viable method. Fortunately, if your stalker isn't a sophisticated hacker, the software they use may appear as an open application running behind the scenes.Can you tell what someone is looking at on your Wi-Fi? ›
Yes. The WiFi owner has access to the admin panel from the WiFi router, meaning they can see the browsing information performed on their WiFi network. In addition, routers see log information, including when and what you did on your computer.How do I check for malware on my Netgear router? ›
To check for malware on a Wi-Fi router, look for a changed DNS server address on your Wi-Fi router settings or download and install dedicated scanning software. If you find malware on your router, perform a full factory reset to solve the problem. Your Internet searches and Internet traffic should speed up.How do I scan my Wi-Fi for viruses? ›
- Open AVG AntiVirus FREE and click Computer under the Basic Protection category.
- Select Network Inspector. ...
- Choose the type of network you're using: Home or Public.
- After you make your selection, AVG AntiVirus FREE will start scanning your wireless network.
About "Stealth Mode": Stealth mode prevents the router from responding to probing requests. The router will still answer incoming requests for authorized apps. Unexpected requests, such as ICMP (ping) are ignored. Do not enable Stealth Mode unless you understand the technical impacts.Can someone hack my router with my IP? ›
Cybercriminals use your IP address to discover what type of home Wi-Fi router you use. Then, they can “brute-force” hack your network and infect any internet-connected devices (like your smart TV, Home Assistant, or even baby monitor).Can my WiFi be hacked through my phone? ›
One of the many methods used by hackers includes the infiltration of Wi-Fi networks. Yes, hackers can gain access to a mobile phone (Android or iOS) by using Wi-Fi networks. Generally, hackers use Man In The Middle attacks, aka DNS Hijacking, to infiltrate Wi-Fi routers.