Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 18.104.22.168) of the popular Netgear Nighthawk R6700v3 WiFi router.
An attacker can trigger the vulnerabilities to take full control of the vulnerable devices. Below is the list of flaws discovered by the researchers:
Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.
Experts also discovered that the version of minidlna.exe running on the routers is affected by publicly known vulnerabilities. We recommend upgrading to a more recent version.
The researchers also reported that the device uses a MiniDLNA version which is known to be affected by multiple flaws.
Below is the disclosure timeline shared by Tenable:
The vulnerabilities affect firmware version 22.214.171.124, which is the latest release for the device.
Tenable pointed out that at the time of this writing the vulnerabilities are yet to be addressed.
“Tenable has not been informed of any available patches for these issues at the time of this writing.” states Tenable.
(SecurityAffairs – hacking, Netgear Nighthawk)