H-ISAC TLP White Netgear Vulnerability Impacts Thousands of Routers; Possible Medical Equipment Impact

September 23, 2021

Security researchers have discovered a vulnerability in a component pre-installed on several Netgear routers. The vulnerability, designated CVE-2021-40847, lies in Circle, third-party parental control software designed and developed by the Disney Corporation. The software is optional, but it came pre-installed on several Netgear router models whether or not it was ever used.

Medical devices that might be affected by this vulnerability include:

  • Portable X-ray equipment using wireless digital X-ray imaging detectors that rely on the affected routers.
  • Fixed X-ray equipment using wireless digital X-ray imaging detectors that rely on the affected routers.
  • Medical equipment that might contain an embedded affected wireless router or rely on the affected routers.

Users are encouraged to update the affected Netgear products, listed later in this alert, to the most current firmware version. Additional details and recommendations are also included in this alert.

According to security firm GRIMM, the update process of the Circle Parental Control Service on the routers allows a remote attacker with direct network access to gain remote code execution (RCE) as root via a Man-in-the-Middle (MitM) attack by uploading a specially crafted database file. This crafted database file gives the attacker the ability to overwrite legitimate executable files with attacker-controlled code.

While the Circle parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by default, so CVE-2021-40847 can be exploited even on routers that never had Circle parental controls turned on.
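The two checks an update consumer needs against this class of flaw, authenticating the downloaded bundle before touching it and refusing archive members that would land outside the destination directory, as an added stdlib-only Python example. This is not Netgear's or Circle's code: the bundle layout, key, and paths are constructed, and the HMAC stands in for the public-key signature a shipped device would verify.

```python
import hashlib
import hmac
import io
import posixpath
import tarfile

# Constructed stand-in for the verification key. A shipped device should
# verify a public-key signature so an on-path attacker cannot forge updates.
UPDATE_KEY = b"constructed-demo-key"
DB_DIR = "/opt/circle/db"  # assumed destination for the database bundle

def build_update(members):
    """Build an in-memory tar 'database update' from {path: bytes} (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def sign_update(blob):
    """Publisher side: tag the whole blob so any in-transit modification is detected."""
    return hmac.new(UPDATE_KEY, blob, hashlib.sha256).hexdigest()

def member_escapes(name):
    """True if extracting `name` under DB_DIR could write outside DB_DIR."""
    target = posixpath.normpath(posixpath.join(DB_DIR, name))
    return not (target == DB_DIR or target.startswith(DB_DIR + "/"))

def validate_update(blob, signature):
    """Device side: return (ok, reason). Nothing is written unless ok is True."""
    if not hmac.compare_digest(sign_update(blob), signature):
        return False, "signature mismatch: blob altered or not from the publisher"
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        for m in tar.getmembers():
            if not m.isfile():          # no symlinks, hardlinks or devices in a data bundle
                return False, f"unexpected member type: {m.name}"
            if member_escapes(m.name):  # blocks the overwrite-an-executable outcome
                return False, f"path escapes {DB_DIR}: {m.name}"
    return True, "ok"

if __name__ == "__main__":
    good = build_update({"circle.db": b"constructed database content"})
    print(validate_update(good, sign_update(good)))
    # Constructed hostile bundle: a member whose path climbs out of DB_DIR.
    bad = build_update({"../../usr/bin/replaced-binary": b"constructed placeholder bytes"})
    print(validate_update(bad, sign_update(good)))  # swapped in transit: signature fails
    print(validate_update(bad, sign_update(bad)))   # even if signed, traversal is refused
```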

The affected Netgear routers are listed below:

  • R6400v2
  • R6700
  • R6700v3
  • R6900
  • R6900P
  • R7000
  • R7000P
  • R7850
  • R7900
  • R8000
  • RS400


For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272