Netgear routers are currently endangered by serious security loopholes just discovered by researchers. The vulnerabilities were disclosed by Trustwave’s Simon Kenin, who has reported his findings to Netgear. Some fixes have already been rolled out in 2016 but it appears that the routers are still prone to hacks.
The security issue grants remote access to the targeted router and as a result admin access passwords are stolen. The vulnerability can be exploited if remote administration is set to Internet facing. The feature is typically turned off but anyone with physical access to a network can exploit it locally, researchers explain. An example of a place to become a victim of such an attack is a café with public Wi-Fi.
When an attacker obtains a router’s admin password, he can then check other connected devices on the network. Because many people reuse passwords the attacker could try and access other devices with the same admin passcode.
Malware such as the Mirai botnet could easily take advantage of vulnerable routers and turn them into zombie devices. Other compromise vectors include changing the DNS to infect machines on the network.
When Was the Netgear Vulnerability Found?
It was almost a year ago when the issue became known. Kenin found out he could trigger an error message on his own router. Then the router could be made to reveal the numerical code used with the password recovery tool to obtain admin credentials.
The researcher then discovered that this code wasn’t even needed in some cases. Furthermore, the credentials could be disclosed no matter what parameter was being sent. In other words, anyone could get to the router admin screen regardless of the way this was done. This is what the researcher wrote:
We have found more than ten thousand vulnerable devices that are remotely accessible. The real number of affected devices is probably in the hundreds of thousands, if not over a million.
Trustwave has contacted Netgear several times over the months. First, the company outlined 18 models as prone to the exploit. The second advisory added 25 models to the list of vulnerable devices. Then, in June, Netgear released another fix for a small subset of routers and a workaround for the rest, researchers explain.
Overall, the list of exploitable routers finished with 31 models. 18 of them are already patched. Other 2 models were previously listed as vulnerable but are currently listed as safe. Trustwave tested them and discovered the truth to be quite different – those 2 models were still prone to exploits.
Right before the security firm disclosed the issue to the public, Netgear contacted the researchers back and said they were going to fix things.
More information about the affected routers is available on Trustwave’s page.