Some Netgear Routers Need to Be Patched Immediately

This may be a full RCE vulnerability but from what I can tell the exploit requires intercepting or redirecting HTTP traffic from the router to the update server.<p>Thats definitely a massive problem because anyone with access to DNS records (ISPs, governments, educational facilities, and so on) can remotely hack all of these devices, but on the other hand this poses no direct threat. The &quot;immediately&quot; part of the title seems overstated.<p>This just seems like a random, run-of-the-mill crappy router vulnerability to me. I&#x27;d be surprised if there was a consumer router that wasn&#x27;t vulnerable to this somehow. Good thing Netgear provides a patch, though.

I&#x27;m so glad I&#x27;ve been playing around with OpenWRT lately. I bought a second router a while back just to experiment with it and now I have automatic fail-over between two ISPs (with mwan3) and WPA2 Enterprise (with FreeRadius).<p>Needless to say, my Netgear R7000P will soon be decommissioned. I wish it were officially supported on OpenWRT because it&#x27;s got a good amount of RAM and flash that could have been put to better use.

<a href="https:&#x2F;&#x2F;kb.netgear.com&#x2F;000064039&#x2F;Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-2021-0204" rel="nofollow">https:&#x2F;&#x2F;kb.netgear.com&#x2F;000064039&#x2F;Security-Advisory-for-Remot...</a><p>This link covers more the actual article.<p>TLDR: RCE on R6400v2 R6700 R6700v3 R6900 R6900P R7000 R7000P R7850 R7900 R8000 RS400

Why the hell do I have to manually download the new firmware and deploy it to fix this? My Netgear router has usually been able to update itself in the past just by logging into the admin console and checking for new firmware updates.