Security Affairs
Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. An attacker can trigger the vulnerabilities to take full control of the vulnerable devices. Below is the […]

Netgear Nighthawk R6700v3

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router.

Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router.

Netgear Nighthawk R6700v3

An attacker can trigger the vulnerabilities to take full control of the vulnerable devices. Below is the list of flaws discovered by the researchers:

Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.

Experts also discovered that the version of minidlna.exe running on the routers is affected by publicly known vulnerabilities. We recommend upgrading to a more recent version.

The researchers also reported that the device uses a MiniDLNA version which is known to be affected by multiple flaws.

Below is the disclosure timeline shared by Tenable:

  • September 30, 2021 – Tenable discloses to vendor.
  • October 4, 2021 – Vendor provides formal acknowledgment.
  • October 7, 2021 – Vendor requests clarification. Tenable needs more information from vendor. Vendor supplies information.
  • October 8, 2021 – Tenable provides testing suggestions.
  • October 26, 2021 – Tenable requests status update.
  • November 12, 2021 – Vendor provides status update.

The vulnerabilities affect firmware version 1.0.4.120, which is the latest release for the device.

Tenable pointed out that at the time of this writing the vulnerabilities are yet to be addressed.

“Tenable has not been informed of any available patches for these issues at the time of this writing.” states Tenable.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Netgear Nighthawk)

[adrotate banner=”5″]

[adrotate banner=”13″]