Tag Archives: Netgear

Dozens of Netgear Products Vulnerable to Authentication Bypass

Not only are hackers lazy but security researchers are lazy too.  Researcher Simon Kenin was being lazy one day and decided to try to hack his Netgear router.  Interesting definition of lazy – his, not mine.

He came upon an old, known authentication vulnerability. It allowed him to recover his forgotten password without authenticating himself appropriately.  The next day, he gathered more Netgear equipment in an effort to reproduce the problem. But he made a mistake.

Even with the mistake, the router coughed up his password.  This led him to a new vulnerability.  Apparently, even without the appropriate preconditions, a call to passwordrecovered.cgi will hand back your credentials.

While this has to be a mistake, it is a pretty serious mistake.

The researcher discovered that this exploit works on a wide variety of Netgear routers; way more routers than the old exploit worked on.

The researcher discovered at least ten thousand devices online which are vulnerable to the exploit, but he thinks that the real number is probably in the hundreds of thousands or maybe even millions.

Worse yet, if the owner of the router has enabled remote administration – being able to manage the router from the Internet – then anyone, anywhere in the world, can exploit this vulnerability.

If remote administration is not turned on  (it is not turned on by default) then you would need to be on the same network as the router, such as in a Starbucks or any place that offers public access.

If the vulnerability is exploited, then the hacker “owns” that network and can pretty much do anything that he wants to do.  Anything.  That would include listening to any unencrypted traffic on the network and possibly, using a man in the middle attack, even listen to encrypted traffic.

It appears this vulnerability may have been discovered almost a year ago.  Initially Netgear said that 18 models were affected, later they said that over 40 models were vulnerable.

In June of last year Netgear released a fix for a few models and a workaround for others.

Any idea what percentage of Netgear owners (a) are aware of the advisory and (b) did anything about it?  My guess is that the answer is close to ZERO.

Netgear posted a page in their knowledge base that says not to worry, there is a patch available for MOST of those routers.

Any idea what percentage of Netgear router owners are aware of this knowledge base article?  About the same as the number who have patched the vulnerable devices.

In fairness to Netgear, if you DO NOT enable remote administration, you make it a little bit harder for the bad guys.  Not terribly comforting.

This is the new world.  There are lots of devices that no one is patching.  When was the last time YOU patched YOUR Internet router?  I thought so.

This is a potentially enormous problem.  Not because of this Netgear device but because there are hundreds or thousands of issues like this that go unnoticed by almost everyone.

Except for the bad guys.  THEY read the alerts.  And use.  Or abuse. them.

Information for this post came from CSO Online.

 

 

 

 

CERT Says Stop Using Some Netgear Routers

Carnegie Mellon’s Computer Emergency Response Team issued an alert regarding some Netgear Internet Routers that are susceptible to a vulnerability for which there is, apparently, no good fix.

They called out two routers in particular, the R6400 and R7000, but while Netgear has been very quiet about it, they did post a security update on Sunday saying that the R8000  is also vulnerable and others may be vulnerable too.

All that is required to take over the router is to get the owner to visit a specially crafted web page and the attacker will own the router.

If the attacker is inside your network – for example after a phishing attack – then the attacker can issue a command similar to this:

http://<router-ip>/cgi-bin/;COMMAND

and again, can take over the router.

Carnegie Mellon suggests that you can disable the web interface – making the router unmanageable by a hacker – and also unmanageable by you.

The alternative, CMU says, is to take your router outside, run it over with your car a few times to get rid of your frustrations and buy a new router.

For whatever reason, CMU says that they are unaware of a practical solution to this problem.

Think about that.  Apparently the problem is so hard to fix for whatever reason that they are recommending replacing the router.

The fact that Netgear is being so quiet about it would tend to indicate that this is not something that is easily patchable for whatever reason.

What seems possible here is for the attacker, after he or she gets control of it, to use your router and your Internet bandwidth to attack other websites.

Sooooooo,

If you have a Netgear router at your home or office, it sounds like the smart thing to do would be to replace it with a different brand,

Talk about reputational damage.  Holy router hack Batman.

Information for this post came from ZDNet and CERT.