Netgear firmware update issues

Netgear firmware update issues DEFAULT

It’s extremely annoying when your ISP (Internet Service Provider) promises you a good modem router combination, and then issues start occurring. That’s the deal with Netgear firmware updates getting stuck.

This is supposed to be an otherwise automatic upgrade/update system, and it should happen without you, the user, noticing that it ever happened. So, the user experience should be flawless and there should be no interruptions in your hardware’s functioning.

What Is Firmware?

Firmware is an operating system of any device that has greater technological functions. This means that current washing machines, refrigerators, routers, modems, etc. all have operating systems.

When you think of a laptop, the main operating systems we come across are Windows, Linux, and Mac OS. However, the fundamental operating system of any computer or laptop is BIOS (Basic Input/Output System).

BIOS is the firmware, and it’s just basic code, data, and memory that works to boot our computers and laptops. You can also find firmware in traffic lights, cameras, watches, even our blenders. It’s a necessary part of any hardware that makes our lives easier.

Why Firmware Updates Get Stuck?

When a firmware update gets stuck, it can be something as simple as a glitch in the system, or it can be something much worse. Sometimes, we might need to buy a new piece of hardware to solve the problem. Let’s see the reasons firmware updates get stuck:

  • Power outage: If there’s a power outage at the ISPs headquarters, or there’s a power outage on the server that’s supplying your internet connection, it interrupts your automatic update.

It can also be the node that’s closest to your home. Here, there’s not much more we can do. We need to do a reboot for the router. That’s the only thing that can help.

  • Firmware issue: There might be an issue with the firmware itself, and this means that you should get a replacement or a refund. You can’t do a lot if the firmware has an error in its code.
  • Hardware damage: Physical damage to the cables or the hardware itself might lead to an interruption in the power supply, and this might keep the update stuck. If you notice any physical damage, check if it voids the warranty.
  • ISP issues: When the hardware manufacturing company issues an update for the firmware, they provide this firmware to the ISP. From that point on, the ISP distributes the update to their subscribers.

If there’s been a breach of contract between the ISP and the manufacturer, some problems might occur. However, it’s best to contact the ISP to figure out what’s happening.

Netgear Firmware Update Fixes

Knowing why firmware updates usually get stuck, we need to understand that there are a few things we can do to resolve the situation with the Netgear firmware update that’s stuck. Let’s go over these in more detail.

Factory reset

As always, a factory reset should solve any glitches or bugs with the firmware or functionality of any hardware. To do a factory reset on any piece of Netgear hardware like a router, extender, etc., just find a button that says Reset.

By pressing and holding the button for over 30 seconds, you revert your Netgear router or modem to its factory settings. This should definitely resolve the Netgear firmware update being stuck.

Manual update

If the power supply gets interrupted at any moment, you can always try to update the firmware on your Netgear hardware manually. The thing you need to do is go to Netgear’s support page, and you need to find your router’s model.

Once you find the model, you can click on Downloads, and you can select the firmware version you need. Download it, and log into your router’s web page. You can use the address to log in, or you can follow different Netgear login directions.

Either way, once you get to the web page, go under the Advanced tab, find the Administration section, click on Firmware Update, and upload the file from your computer. The router needs to finish restarting after that, don’t disrupt the restart, and everything will work properly.

Netgear Firmware Update Stuck

Firmware downgrade

Sometimes, our hardware works better with the previous version of the operating system. You can downgrade to the previous version and you might not need to update it at all. The steps are the same as with the manual update.

Check the internet connection

The reason your Netgear firmware update is stuck might be the internet connection itself. If you’re working with Netgear’s router connected to a different modem, check out the connection to the modem.

Look for damages on the Ethernet cable. If there are none, try to test it on two different devices to see if it works as a connection between them. Also, there might be an issue with the modem’s internet access point.

Check for damage on the coaxial cable to see if that’s the reason the firmware update got stuck. Interruptions in the connection to the internet access point can cause many glitches, even in the firmware update process.

Why Should You Contact Your ISP?

The reason you should contact your ISP when a firmware update gets stuck is that they need to know in order to improve their service to you and other clients. The more people report the issue, the more pressure the ISP feels to test a new firmware update on the routers/modem they provide.

If the tests go well, they might distribute a new update that works properly. Also, if they can’t handle your situation, it might be time to look for another provider.


Firmware is a necessary component of every sophisticated piece of hardware we come across. It’s necessary to maintain it, and it’s very annoying when we try to update it, but it takes an eternity.

The Netgear firmware update gets stuck because of multiple reasons, but we can fix it by doing a factory reset, a manual update, a downgrade, or by establishing a proper internet connection. If all these fail, it’s best to contact customer support of your ISP or Netgear.

Categories GuidesSours:

Netgear Router Firmware Update Failed. What to Do?

Netgear Router Firmware Update Failed

Every Netgear Nighthawk WiFi router should go through firmware updates from time to time to make sure that it maintains the optimal performance. Basically, the firmware is a coded program that defines how your Netgear Nighthawk router works. Netgear keeps on releasing different firmware versions to ensure that your router remains from any network breaches. But what if your Netgear router firmware update failed?

This issue generally happens when your internet connection is not stable or you upload the wrong file. Sometimes, the Nighthawk router firmware update can also get stuck during the download and upload process.

But you don&#;t need to worry at all! You have reached the right page. Here, we will let you know various fixes to sort out the Netgear Nighthawk router firmware update failure issue. Read on.

Solved: Netgear Router Firmware Update Failed

1. Restart Your Devices
Most users do this prior to considering any other troubleshooting option. Restarting the Nighthawk router as well as the modem can help you resolve the issue. Once you see the Netgear router firmware update failed error, do not ignore it as this may damage your router.
After restarting the devices, try again to update the firmware on your Netgear router via the default Nighthawk router login web page.

2. Check Your Internet Connection
One of the major factors causing the Nighthawk router firmware update issues is the lack of a high-speed internet connection. This not only easily results in the firmware stuck issue but also leads you to various Nighthawk router setup problems.

In order to successfully install the latest firmware update on your Netgear Nighthawk WiFi router, you should have a stable and fast internet connection. Therefore, ensure that your internet speed is fast enough to avert this kind of issue.

3. Download the Correct Firmware Version
Choosing a wrong firmware update for your Netgear Nighthawk router may result in the failed update issue. Keep in mind to look for the correct firmware version as per the make and model number of your Nighthawk WiFi router. Also, make sure to download only the most recent version of your Netgear router firmware update via the Nighthawk login web page.

4. Avoid Pressing Any Tab During the Update
In addition, the Netgear router firmware update failed error occurs due to interruptions caused during the process. Bear in mind that once you have tried updating your Netgear Nighthawk router the second time, don&#;t press any tab or open any window. This may take you to the failure in updating Nighthawk firmware.

Give your WiFi router enough time to update the firmware. As soon as the update completes, the Netgear Nighthawk router should restart. This may take a few minutes. Now, it will connect to your WiFi network again.

After checking all the aforementioned points, try again to download and install the latest firmware update on your Netgear Nighthawk wireless router. In the event that you are still struggling with the Netgear router firmware update failed issue, let our experts know. They will surely help you out.

  1. Meme reaction images
  2. Twitch logo creator free
  3. Burka fashion
  4. Azure rest api
  5. Hillary clintons health youtube

Firmware Update Causes More Problems than it Solves

You have the R?

What firmware are you currently on?

there has been issues with the firmware for the R but the vast majority of people don't have these issues. You see many posted on here but thats because the community forum is where people come with issues. 


If you are one of the unlucky ones that has a device with firmware issued, the version I'd recommend and that tends to be the most stable is

From what I've seen with the R, the best results have been to install over an ethernet connection, factory reset after the firmware change. Most can install from backup without issue but I tend to recommend a manual reinstall so an old setting doesn't cause issue. 


And this is the community forum. Its rare to find an actual employee of netgear on here. 


The other thing to keep in mind is that router was released in Its 7 years old. I'm fairly impressed that its still getting updates at all being that old. My tp-link from 2 years ago hasn't gotten a single update since release. 

Current Setup: CM> RBK> GSv2-> RAXE> Pi-hole->


Resolved: Netgear Nighthawk AC EX Firmware Update Failure

Getting a firmware update failure message while trying to update your Netgear Nighthawk AC EX firmware? If yes, you have landed on the right page. Here, you will be guided through some proven troubleshooting tips to resolve the Netgear Nighthawk firmware update failure issue. Here we go!

Reasons Behind EX Firmware Update Failed Error

Netgear Nighthawk AC firmware update failed error appears due to issues with your computer, network security, internet, extender update file, or your own extender. Let&#;s have a look at some basic reasons why your Netgear Nighthawk firmware update aborts:

  • You have downloaded and installed a corrupted firmware
  • Poor internet connection
  • Faulty extender&#;s hardware
  • Improper placement of Netgear AC EX extender
  • Weak network security
  • You are using damaged cables to connect your extender and router
  • Your system contains malicious files like Trojan, viruses, or worms that don&#;t let your Nighthawk EX extender update the firmware

So now you know the reasons why you are getting Netgear Nighthawk AC EX firmware update failure error. Without further ado, let&#;s get to know the solutions to fix the issue.

Fix Nighthawk AC Firmware Update Failure Error

Basic Troubleshooting

Prior to going for advanced troubleshooting, try to apply some basic troubleshooting hacks. Follow the steps below to resolve the Netgear Nighthawk firmware update failure issue:

  • Check the electrical outlet in which your Netgear EX AC extender is plugged in. If you find any fault, plug in your extender to another power outlet.

Note: While changing the location of your WiFi extender, be sure that it is placed in the same room as that of the main home router.

  • Disable all proxy or VPN servers you are using on your device until the Nighthawk AC EX firmware update process completes.
  • Check the internet speed and stability on your router. On the off chance if there is any network issue, fix that first with the help of our well-versed technicians.
  • Make sure that your range extender is configured properly.
  • Remember to scan your system and remove viruses, malware, or worms if detected.
  • Make sure to use a static IP address for the time your EX firmware is being updated.
  • Be certain that you have completed Netgear Nighthawk AC setup properly.

We hope that the aforementioned troubleshooting tips have taken you out of &#;can&#;t update Netgear EX extender&#;s firmware&#; trouble. However, if your Netgear Nighthawk firmware update breaks down, go with the advanced troubleshooting hacks right away. Continue reading.

Advanced Troubleshooting

  1. Download and install the Netgear Nighthawk EX firmware update from a reliable source on your system.
  2. After that, download TFTP software on your computer.
  3. Connect your Nighthawk AC EX extender to the main router via an Ethernet cable.
  4. Now, install TFTP software on your device by unzipping the downloaded file.
  5. Open TFTP software.
  6. Select the LAN adapter option.
  7. In the Host field, enter the default IP address of your Netgear Nighthawk mesh extender. In case you don&#;t know the default IP of your AC extender, it is recommended to take instant help from our experts.
  8. Thereafter, click on the Extender Firmware file.
  9. Wait for the Nighthawk EX firmware update process to finish.
  10. After that, disconnect all cable connections.
  11. Let your EX reboot once.

On the off chance if the Netgear Nighthawk firmware update doesn&#;t complete, reset your WiFi range extender once and try again.

Still getting the EX firmware update failure error? Worry not! Just get in touch with our highly-experienced technicians at and let them resolve the issue for you.

Tags: EX Firmware Update Failure, Netgear Nighthawk AC Setup

Issues update netgear firmware

Every Netgear router should go through firmware updates from time to time to ensure it maintains a high performance. The firmware is a software that comes as a coded program that defines how your Netgear router functions.

The manufacturers of Netgear keep releasing different firmware versions to ensure that your router is not affected by any network breaches. Updating the router software can prevent data loss that is often caused by a network breach. If you notice that the firmware update in your Netgear router has failed, you need to resolve it immediately. This problem often occurs when you upload the wrong file, or your internet connection is not stable. The firmware update can also get stuck during the upload or download process. Find out how to fix this problem.

What should you do when the Netgear router firmware update fails?

Restart your devices

Restart your devices

Most people do this before considering any other options. Restarting your modem and router can help you resolve the problem.As soon as you realize that the firmware update on your Netgear router has failed, you should not ignore this since you need to keep your router in the best condition. Solving this problem is easy as long as you follow instructions. You can try restarting your router and modem then go through the process of installing firmware updates again. Go to the web page of the Netgear router and open the compatible browser. Type in then press enter.

Proceed to the advanced tab

Ensure that you use the right credentials when trying to log in to the Netgear router&#;s web page. Using incorrect details can deny you access, making it hard to solve the problem. Your credentials include the router password and admin. Once you have logged into the company&#;s web page, you need to open the advanced tab and choose the Administration option.

Use the latest firmware updates

Use the latest firmware updates

Netgear keeps on releasing different firmware updates to boost the performance of your router. These updates are meant to make your router more secure and equipped with extra features. You can make sure that your router has access to the additional features by choosing the latest firmware updates. Once you get it, you should download the file then try installing it.

Check if you have an excellent internet connection

For you to successfully install the firmware updates on your Netgear router, you should have a fast and stable internet connection. One of the factors that make such updates fail is the lack of an excellent internet connection. This can easily make the update to get stuck during the installation process. Ensure that your internet speed is fast enough to avoid this problem.

Avoid pressing any tab or window during the update

Apart from that, the firmware update can fail on your Netgear router due to interruptions caused during the process. You need to ensure that once you have tried updating your router the second time, you don’t press any tabs or open any windows. This can cause an error, leading to failure in updating firmware. Give your device enough time to update the software. Once the update is complete, the Netgear router should restart. This should take a few minutes. After this, it will reconnect to your wifi network.

Look for malicious software in your device

Sometimes malicious software can also lead to an unsuccessful firmware update. If you have tried installing the latest software for the second time and are still not successful, you should scan the device. Doing this can help you detect any malicious software in your system.

Why the firmware update on Netgear router may fail

How to fix this problem

Uploading the wrong file

Ensure that you choose the latest firmware updates

Slow internet speeds

You need to have a fast and stable internet connection.

Pressing tabs or windows during the update

Avoid doing this and give the device time to update

Malicious software

Scan your device for this and get rid of it then try updating your device again

Why you need to pay attention to firmware updates while using Netgear router

The only interaction that most people have with their routers is turning it off and on when experiencing a slow internet connection. Doing only this can make you neglect your router, thus putting your data at risk. You need to update firmware regularly on your Netgear router so that you always have up to date security features.

Since every information passes through the Netgear router, you should take measures to prevent it from getting compromised.  Routers are at risk of different criminal activities like website attacks and illegal downloads. Manufacturers of these routers produce updates that can address any vulnerabilities. It is your responsibility to find the firmware updates and install them in your Netgear router.

If you keep on forgetting to do this, you should consider getting security notifications through email from Netgear. During the registration process, the manufacturer offers the option of receiving notifications via email when the latest software is available. Choosing this option ensures that you never forget to update your Netgear router accordingly.


A lot of people, especially those using Netgear router for the first time, have problems trying to install the latest firmware updates. If you can relate, you should consider restarting your router and modem and trying the process again. Log in to the company&#;s web page with the right credentials, click on the advanced tab then pick administration. Download and install the latest software updates. You need to have stable internet for the update to be successful. You can avoid any errors or interruptions during the update by not pressing any tabs on your system. If you still have problems, look for malicious software.


How long should firmware update on netgear router take?

The process should take five minutes.

Do certain routers update automatically?

Yes. Some of the models, such as Linksys, have automatic firmware updates. In such routers, you don&#;t have to keep on looking for the latest software updates to install.

Categories BlogSours:
Netgear not working Modem/Router/Repeater firmware update with TFTP Client software
Back of a router with antennas up

It’s easy to overlook that routers get firmware updates. These updates are not brought to people’s attention, but are important and should be checked on periodically. Firmware updates can be done through Netgear’s Nighthawk app, but sometimes the router simply refuses to do it. What should you do in this instance?

If your Netgear router is connected to the Internet, but won’t update its firmware, factory reset the router and turn off auto-updates. In same cases, the auto-update feature is the culprit, and can soft-brick the router, causing it to not function as it should.

This is an odd issue, but one that some people encounter. There are several other issues related to a Netgear router not updated and this article will go over some troubleshooting tips.

Netgear Router Stopped Working After Firmware Update

Router on a wooden table

Sometimes a firmware update can “break” a router. The most common issue resulting from this is a WiFi signal failing to broadcast. Considering most folks rely on the Internet in their daily lives, this is a very serious problem.

The first thing to doing is to reset the router to its factory settings. Doing this is very simple. Here are the official Netgear router factory reset instructions:

  1. Verify that your router’s power light is on.
  2. On the back of your router, locate the Restore Factory Settings or Reset button.
  3. Use a paper clip or similar object to press and hold the Restore Factory Settings or Reset button for seven seconds.
  4. Release the Restore Factory Settings or Reset button.
  5. Your router resets.

From there, follow the setup process that you did when you first got the router.

After the router has been reset to factory default settings, follow the setup process you went through when you first got the device.

Why do a factory reset? New firmware can introduce changes that are not compatible with an old configuration. By doing a factory reset, you wipe out user-enabled settings that might be in conflict with the new firmware.

You can also power cycle the router by shutting off all devices connected to it. Unplug both the router (remove the backup battery if it has one) and modem. Then wait 2 minutes for all the power to discharge before plugging everything back in. Restart all your devices and wait for the modem to establish a connection to your ISP.

Netgear Router Won’t Update Firmware

A man plugging in an Ethernet cable into the back port of a router

Normally, you should be able to update your router’s firmware from either the Nighthawk app or a Web browser. However, some people experience an issue where their router fails to update its firmware during the process.

It’s entirely possible that Netgear released a bad firmware that some routers can’t get past. We’ve ventured through the official community forums, and this indeed does happen to some people.

But before jumping to conclusions and requesting a replacement, try to downgrade your router’s firmware. To do this:

  1. Visit the support page and navigate to the corresponding section that your router falls in.
  2. If you have a standard router, click on “WiFi Routers.”
  3. If it’s an Orbi mesh system, click “Orbi WiFi System“; if it’s a Nighthawk WiFi System, click “Nighthawk WiFi System.”

From there, navigate to your specific model and click on downloads. How do you find what your model is? Underneath or behind the router, you’ll find Model: model number. It’s on the same side where the default password is printed.

Click on DOWNLOADS, then Previous Versions, select an older firmware version and download. The install instructions will be in the release notes, which are different for each router model.

Netgear Router Firmware Upgrade No Internet Connection

A man with a laptop trying to configure a router that is beside him

If your router isn’t connecting to the Internet after a firmware upgrade, similar problems and solutions apply to an earlier section in this article.

You may need to factory reset the router if you aren’t getting a connection. The reason being that new firmware can clash with settings that the user used.

here are the official instructions to factory reset the router from Netgear themselves:

  1. Verify that your router’s Power light is on.
  2. On the back of your router, locate the Restore Factory Settings or Reset button.
  3. Use a paper clip or similar object to press and hold the Restore Factory Settings or Reset button for seven seconds.
  4. Release the Restore Factory Settings or Reset button.
  5. Your router resets.

How To Fix Corrupted Firmware on Netgear Router

A man plugging in a Ethernet cable into a port in the back of a router

If you have what is essentially a bricked router, don’t panic, this can be solved easily in most cases.

  1. Refer to above, where we discussed how to found your router’s firmware version. This time you’ll want to download the latest version.
  2. Next, download the TFTP client software. That’s the Windows link; here is the link for Mac. If you are reading this on your smartphone’s cell tower data, you will need to plug your computer into the router directly with a LAN cable.
  3. Assign a static IP of the router’s default range, which is either x or x.
  4. Ping your router’s IP.
  5. Run the tftp2.exe.
  6. In the server field, punch in the default IP of the router.
  7. Shut off the router for 10 seconds and turn it back on.
  8. While the router is booting, click Upgrade and allow the process to complete.
  9. The power light should be a steady green now; in that case, the fresh firmware is successfully installed!

How Do I Reinstall Firmware on My Netgear Router?

Man configuring a router using a smartphone app

Refer to the section where we instructed on how to download the correct firmware for your router. If you were already on the latest firmware but just need to reinstall it, you can do it via the browser, provided the router isn’t corrupted. From Netgear’s website:

  1. Unzip the downloaded file if needed.
  2. Enter into a web browser.
  3. Enter the router admin username and password.
  4. The default user name is admin. The password is the one you specified the first time you logged in. The user name and password are case-sensitive.
  5. Select ADVANCED > Administration or Settings > Administration.
  6. Select Firmware Update or Router Update.

What if My Router Is Hard Bricked?

The back ports of a router

Hard bricking refers to a rendered completely useless device and cannot be restored via conventional methods. This may happen if there is a power outage while the router is updating its firmware, and this scenario can happen to almost any device where you would update the firmware, such as a smartphone or game console.

Your router comes with a one-year warranty that needs to be registered with 90 days of purchase, but unfortunately, a hard-bricked device due to a power outage or disconnection isn’t covered.

From the official warranty page:

“This warranty does not apply if the NETGEAR product fails due to damage from shipment, handling, storage, accident, abuse or misuse, or if it has been used or maintained in a manner not conforming to product manual instructions, has been modified in any way, or has had any serial number removed or defaced.”

There is hope, however. Some retail stores have a very pro-consumer refund policy, and you may be able to get a refund or replacement if you got your router there. Amazon is also quite forgiving most of the time.

If you had an old router and were considering upgrading anyway, you might be wondering what your best options are. It depends, but generally, you don’t need a crazy $+ model. We recommend looking for a model that supports WiFi 6 since more and more devices are beginning to utilize it, and it does make a big difference.

The Netgear 4-Steam strikes a good balance between performance and price and should be suitable for most homes. Alternatively, a mesh WiFi system such as the Netgear Nighthawk Mesh System might be better if your home is large. We’ve linked a video below for even more suggestions:

Final Thoughts

Having any problems with a router can be frustrating since it allows people to connect to the vast world of the internet. Many people don’t use ethernet, and thus it is quite a big deal when your router is rendered useless due to broken firmware. However, with some troubleshooting and fixing, you should be able to get it up and running again!


You will also be interested:

Thousands of Netgear routers can be hacked — here's what to do

Dang kids. Because of an optional parental-control feature that apparently wasn't so optional, nearly a dozen widely used Netgear home Wi-Fi router models have a serious security flaw and need to be patched.

The affected models are the Rv2, R, Rv3, R, RP, R, RP, R, R, R and RS, most of them in the "Nighthawk" line and physically nearly identical. Firmware updates are now available for all of them. 

The flaw can be exploited by a bad guy who gets access to your Wi-Fi network, which may not always be as hard to do as it seems, and then used to seize control of your home or small-office network and send you God-knows-where on the internet.

Because Netgear markets its home routers using somewhat misleading terminology — for example, the R is also labeled as the "Nighthawk AC Smart WiFi Dual Band Gigabit Router" — you might want to flip your router over and check the sticker on the bottom for the real model name.

How to update your Netgear router's firmware

To update your router's firmware, Netgear's security advisory recommends going to its support page at, then punching in your model's number. From there, you'll be taken to your model's support page. You can download a Zip file to your PC and unpack the file. 

Then use your favorite web browser to access your router's administrative interface (it's most likely at http://), click the Advanced tab, select Administration and click Router Update. You can upload the file to the router from there.

However, for most of these routers, it's going to be just as easy to download the firmware update directly to the router. Follow the web administrative-interface instructions in the paragraph above, and then click the check-for-update button instead of uploading a file from your PC or Mac.

Vulnerable Disney Circle software

The problem here stems from the Disney-designed Circle parental-control feature, which was rolled out to Netgear Nighthawk and Orbi mesh routers, some of them already in customers' homes, as an optional add-on feature in  

The Orbis and newer Wi-Fi 6 Nighthawks got parental-control software built in-house by Netgear earlier this year, while the Circle service was discontinued for older Nighthawk models in late

Here's the catch: If you have one of the affected routers, the vulnerable Circle software is on your device regardless of whether you ever ponied up the $ monthly charge for the Circle feature. 

"The Circle update daemon that contains the vulnerability is enabled to run by default, even if you haven't configured your router to use the parental control features," explained Adam Nichols of the D.C.-area security firm GRIMM in a blog post. (Bleeping Computer earlier reported this story.)

"While it doesn’t fix the underlying issue, simply disabling the vulnerable code when Circle is not in use would have prevented exploitation on most devices."

In other words, you've got a problem that came with software you probably didn't ask for and that may have been introduced to your device via a firmware update after you bought it. 

We've run a lot of Netgear router security alerts in the past few years, with at least twoin So we want to reiterate that Netgear's consistent policy of finding, patching and publicizing its security flaws is a Good Thing, despite the resulting negative headlines. 

The only reason you don't hear about many security flaws with some other major router makers is because they don't tell you about the flaws. At least we know when something goes wrong with Netgear routers and how to fix it.

The same principle goes for Windows PCs, Macs, iPhones and Android phones. All of those devices get regular security updates to fix flaws and are the better for it. You don't want a router that never receives firmware updates.

What's going on here?

This flaw, catalogued as CVE, was discovered by GRIMM researchers. They noticed that there was a Circle update daemon, or mini-program, called "circled" (presumably pronounced "circle-dee") on older Netgear Nighthawk routers.

After some probing, they found that the Circle update daemon ran as root, was enabled by default and could still be exploited even if it was disabled.

"The update process of the Circle Parental Control Service on various Netgear routers allows remote attackers with network access to gain RCE [remote code execution] as root via a Man-in-the-Middle (MitM) attack," Nichols wrote on the GRIMM blog. 

Because Netgear's firmware updates are downloaded over plain old HTTP and are not encrypted, Nichols explained, they could in theory be intercepted, altered, and then passed along in poisoned form to the routers — a classic man-in-the-middle attack.

Netgear protects against this by encrypting its firmware update files and digitally signing them, making it pretty difficult for an attacker to read, alter or install altered firmware.

Not so Circle. Its update file is just a compressed database without any kind of internal protections. 

GRIMM showed that it wasn't hard to sneak malicious code into a Circle update and from there completely seize control of a router, which in turn would grant the attacker complete control of your home (or small office) internet traffic. 

This may not entirely be Circle's fault. It could be that the firmware-update connections on its since-discontinued Circle with Disney hardware devices were encrypted, removing the necessity of encrypting the update files as well. 

If so, then this new flaw may be the result of something falling between the cracks in the differing update models when the Circle software was ported to Netgear devices.

The Netgear firmware you want to end up with

Here's a list from the Netgear site of the firmware versions that you want to have on each device.

  •     Rv2 fixed in firmware version
  •     R fixed in firmware version
  •     Rv3 fixed in firmware version
  •     R fixed in firmware version
  •     RP fixed in firmware version _HOTFIX
  •     R fixed in firmware version
  •     RP fixed in firmware version _HOTFIX
  •     R fixed in firmware version
  •     R fixed in firmware version
  •     R fixed in firmware version
  •     RS fixed in firmware version

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.


13049 13050 13051 13052 13053