Netgear security issue exposes 10,000 routers to password hijacking

jayar.decenella@gmail.com' By: Jay Decenella
2 minute read

Now is the right time to seriously update the firmware for your Netgear router after security firm Trustwave found a new vulnerability that leaves at least 10,000 routers exposed to password hijacking. The flaw in 31 Netgear router models exposes the device’s web GUI password to cyber attackers.

The security issue comes hot on the heels of a previous vulnerability discovered in December last year that stemmed from an issue with outdated firmware, something Netgear was quick to release a patch and fix late last year.

The new vulnerability, however, leaves the administrator password in certain Netgear routers susceptible to hackers. Trustwave reveals that several security vulnerabilities have been targeting Netgear routers since April 2016. Despite many instances of alerting Netgear to the problem, Trustwave did not receive a response from the company. Nonetheless, Netgear finally issued a security bulletin to tackle the flaw.

Simon Kenin, a researcher at Trustwave, described the flaw in a blog post:

After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is   a totally new bug that I haven’t seen anywhere else. When I tested both bugs on different Netgear models, I found that my second bug works on a much wider range of models.

Kenin noted that enabling the two vulnerabilities require either a physical or a remote access to a router:

The vulnerability can be used by a remote attacker if remote administration is set to be Internet facing. By default this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public wifi spaces like cafés and libraries using vulnerable equipment.

Trustwave estimates that the bugs could affect hundreds of thousands of Netgear devices. The company now urges users of Netgear routers to check this Knowledge Base Article for instructions to test your device for vulnerability. The guide also provides instructions on how to apply patched firmware for vulnerable routers.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions