UPDATE 23/09: Circle Media Labs, which offers the Circle parental control software, has released a statement regarding the Netgear router vulnerabilities. A spokesperson for the company said:
“Circle created software fixes to resolve recently publicized security vulnerabilities for a loader on Netgear routers and has worked with Netgear to ensure that it is available for Netgear customers. Circle recommends that Netgear users ensure that they are using the latest firmware for their Netgear routers. No other Circle customers are impacted by this vulnerability. Circle Parental Controls is not a Disney product.”
Circle continues to be offered as an in-home device and app subscription, but the partnership with Disney has long since ended. If you use one of Circle’s supported devices and subscriptions, then this vulnerability won’t impact you. It’s only households using one of the Netgear router models listed below that need to install the firmware updates as soon as possible.
A serious security flaw has been discovered on 11 Netgear wireless routers, and it’s imperative a firmware patch is installed as soon as possible if you own one of the affected devices.
The Netgear routers that need a firmware update are:
- R6400v2
- R6700
- R6700v3
- R6900
- R6900P
- R7000
- R7000P
- R7850
- R7900
- R8000
- RS400
The easiest way to find out which Netgear router you own (the name and model number typically aren’t the same) is to look at either the back or base of your router where the model number will be listed. If yours is on the above list, head over to Netgear’s Security Advisory page and follow the instructions on how to download the correct firmware. The download includes instructions on how to carry out the installation.
As Tom’s Guide reports, a serious security flaw discovered on these routers allows for remote code execution. The vulnerability can be traced back to parental control software offered by a company called Circle Media Labs.
You may remember that back in 2016 we got the Circle with Disney parental control software and device combo. Netgear embraced the same parental control software and offered it as an optional service with some routers for $4.99 a month. As the Grimm blog explains, even if you didn’t pay for it, the Circle software was pre-installed on these routers and an update process for the software is enabled by default. This is where the vulnerability lies, allowing a hacker to use a man-in-the-middle attack to infiltrate your home network and take control.