Netgear patches serious bug found in several popular routers

(Image credit: Image Credit: Geralt / Pixabay)

Netgear has fixed a high severity remote code execution (RCE) vulnerability in the Circle parental control service, on several of Netgear’s Small Offices/Home Offices (SOHO) routers.

What makes this vulnerability particularly interesting, is that even though it exists in a third-party component included in the firmware, it is just as damaging as a vulnerability that exists in the Netgear core’s firmware, because of the fact that Circle runs with root permissions. 

“The Circle update daemon that contains the vulnerability is enabled to run by default, even if you haven’t configured your router to use the parental control features. While it doesn’t fix the underlying issue, simply disabling the vulnerable code when Circle is not in use would have prevented exploitation on most devices,” notes Adam Nichols, researcher with cybersecurity experts GRIMM.

Nichols suggests the vulnerability serves as a cautionary tale, and helps demonstrate the importance of attack surface reduction.

Don’t talk to strangers

Under normal circumstances, a simple mitigation for the vulnerability (tracked as CVE-2021-40847) in Circle would have been to disable the service. However, this wouldn’t work here, since the vulnerability actually exists in Circle’s update daemon, circled, which too is enabled by default. 

In the post, Nichols explains that the update process relies on fetching unsigned updates over the unencrypted HTTP protocol. He reasons that an attacker can hijack the update process via a Man-in-the-Middle (MitM) attack, which would enable them to run code as root on the device. 

While Netgear has issued patches to fix the issue, GRIMM recommends the use of VPN to mitigate the risk posed by compromisable network routers.

Update: A Circle representative responded to our coverage with the following statement:

"Circle created software fixes to resolve recently publicized security vulnerabilities for a loader on Netgear routers and has worked with Netgear to ensure that it is available for Netgear customers. Circle recommends that Netgear users ensure that they are using the latest firmware for their Netgear routers. No other Circle customers are impacted by this vulnerability."

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.