Vulnerabilities Found in NetGear NightHawk
Researchers have discovered multiple vulnerabilities in the latest firmware version (version 126.96.36.199) of the popular Netgear Nighthawk R6700v3 WiFi router.
An attacker can trigger the vulnerabilities to take full control of the vulnerable devices. Below is the list of flaws discovered by the researchers:
- CVE-2021-20173: Post Authentication Command Injection via SOAP Interface.
- CVE-2021-20174: Default HTTP Communication (Web Interface).
- CVE-2021-20175: Default HTTP Communication (SOAP Interface).
- CVE-2021-23147: Insufficient UART Protection Mechanisms.
- CVE-2021-45732: Configuration Manipulation via Hardcoded Encryption Routines.
- CVE-2021-45077: Plaintext Password Storage.
Multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions. The version of minidlna.exe running on the routers is affected by publicly known vulnerabilities. We recommend upgrading to a more recent version.
The vulnerabilities affect firmware version 188.8.131.52, which is the latest release for the device.