
Netgear leaves vulnerabilities unpatched in Nighthawk router
2021-12-31 12:15

Researchers have found half a dozen high-risk vulnerabilities in the latest firmware version for the Netgear Nighthawk R6700v3 router.

Nighthawk R6700 is a popular dual-band WiFi router advertised with gaming-focused features, smart parental controls, and internal hardware that is sufficiently powerful to accommodate the needs of home power users.

CVE-2021-20174: HTTP is used by default on all communications of the device's web interface, risking username and password interception in cleartext form.

On top of the aforementioned security issues, Tenable found several instances of jQuery libraries relying on version 1.4.2, which is known to contain vulnerabilities.

The recently disclosed flaws affect firmware version 1.0.4.120, which is the latest release for the device.

The current security report refers to Netgear R6700 v3, which is still under support, not Netgear R6700 v1 and R6700 v2, which have reached end of life.


News URL

https://www.bleepingcomputer.com/news/security/netgear-leaves-vulnerabilities-unpatched-in-nighthawk-router/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-12-30 | CVE-2021-20174 | Cleartext Transmission of Sensitive Information vulnerability in Netgear R6700 Firmware 1.0.4.120 | 7.5

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web interface.
Tags: network, low complexity, netgear, CWE-319

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Netgear 502 8 474 462 149 1093