What makes this vulnerability particularly interesting is that, even though it exists in a third-party component bundled into the firmware, it is just as damaging as a vulnerability in Netgear's own firmware code, because Circle runs with root permissions.
“The Circle update daemon that contains the vulnerability is enabled to run by default, even if you haven’t configured your router to use the parental control features. While it doesn’t fix the underlying issue, simply disabling the vulnerable code when Circle is not in use would have prevented exploitation on most devices,” notes Adam Nichols, researcher with cybersecurity experts GRIMM.
Nichols suggests the vulnerability serves as a cautionary tale that demonstrates the importance of attack surface reduction.
Don’t talk to strangers
Under normal circumstances, a simple mitigation for the vulnerability (tracked as CVE-2021-40847) in Circle would have been to disable the service. However, that does not work here, since the vulnerability lives in Circle's update daemon, circled, which is also enabled by default.
In the post, Nichols explains that the update process fetches unsigned updates over the unencrypted HTTP protocol. Because neither the transport nor the update itself is authenticated, an attacker positioned between the router and the update server (a Man-in-the-Middle, or MitM) can substitute their own update, which would enable them to run code as root on the device.
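To make concrete what "unsigned updates over plain HTTP" leaves out, here is an added example of the hardened pattern an update client is expected to follow: refuse non-HTTPS sources, verify a detached signature over the update manifest with a pinned public key, and only then check the payload against the digest the signed manifest names. This is illustrative Go written for this article, not code from Circle, Netgear or GRIMM; the component name, manifest layout and payload bytes are constructed, and the key pair is generated on the fly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// Manifest describes one component update. It is the only thing the signing
// key covers; the payload is bound to it through its SHA-256 digest and size.
type Manifest struct {
	Component string `json:"component"`
	Version   string `json:"version"`
	SHA256    string `json:"sha256"`
	Size      int    `json:"size"`
}

// UpdateBundle is what the hypothetical update client receives: the manifest
// bytes exactly as they were signed, a detached Ed25519 signature, and the payload.
type UpdateBundle struct {
	ManifestJSON []byte
	Signature    []byte
	Payload      []byte
}

// CheckUpdateURL rejects update sources that are not served over HTTPS. Plain
// HTTP lets anyone on the network path replace the response.
func CheckUpdateURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "https" {
		return fmt.Errorf("refusing update source %q: scheme must be https", raw)
	}
	return nil
}

// VerifyUpdate accepts a bundle only if (1) the manifest bytes carry a valid
// signature from the pinned public key and (2) the payload matches the size and
// digest recorded in that signed manifest. Nothing from the payload is used
// before both checks pass.
func VerifyUpdate(pub ed25519.PublicKey, b UpdateBundle) (*Manifest, error) {
	if !ed25519.Verify(pub, b.ManifestJSON, b.Signature) {
		return nil, errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(b.ManifestJSON, &m); err != nil {
		return nil, fmt.Errorf("signed manifest unparsable: %w", err)
	}
	if len(b.Payload) != m.Size {
		return nil, fmt.Errorf("payload size %d does not match manifest size %d", len(b.Payload), m.Size)
	}
	sum := sha256.Sum256(b.Payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, errors.New("payload digest does not match signed manifest")
	}
	return &m, nil
}

// SignBundle is the publisher side: digest the payload, serialize the manifest,
// sign the serialized bytes. Included only so the example runs stand-alone.
func SignBundle(priv ed25519.PrivateKey, component, version string, payload []byte) UpdateBundle {
	sum := sha256.Sum256(payload)
	m := Manifest{Component: component, Version: version, SHA256: hex.EncodeToString(sum[:]), Size: len(payload)}
	mj, _ := json.Marshal(m)
	return UpdateBundle{ManifestJSON: mj, Signature: ed25519.Sign(priv, mj), Payload: payload}
}

// Demo signs a constructed update, verifies it, then swaps in a different
// payload of the same length (so only the digest check can catch it) and
// confirms the swap is rejected. Returns (genuineAccepted, tamperedRejected).
func Demo() (bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed sample update payload") // 33 bytes, constructed
	bundle := SignBundle(priv, "parental-control-daemon", "1.2.3", payload)
	_, errGood := VerifyUpdate(pub, bundle)

	tampered := bundle
	tampered.Payload = []byte("constructed substituted payload!!") // also 33 bytes
	_, errBad := VerifyUpdate(pub, tampered)

	return errGood == nil, errBad != nil
}

func main() {
	fmt.Println(CheckUpdateURL("http://updates.example/update.bin")) // rejected: not https
	ok, rejected := Demo()
	fmt.Printf("genuine accepted: %v, tampered rejected: %v\n", ok, rejected)
}
```

The order of checks matters: the signature is verified over the raw manifest bytes before they are parsed, so a malformed or substituted manifest never reaches the JSON decoder, and the payload is never inspected until the manifest that describes it has been authenticated. An update client that only hashed the payload, or only used TLS without pinning a signing key, would still trust whatever the server (or whoever controls the path to it) handed over.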
Update: A Circle representative responded to our coverage with the following statement:
"Circle created software fixes to resolve recently publicized security vulnerabilities for a loader on Netgear routers and has worked with Netgear to ensure that it is available for Netgear customers. Circle recommends that Netgear users ensure that they are using the latest firmware for their Netgear routers. No other Circle customers are impacted by this vulnerability."