CyberWisdom Safe Harbor Commentary on NETGEAR Routers:
Security researcher Martin Rakhmanov, a security researcher from Trustwave, reported the vulnerabilities. The company conducted a one-year study of the firmware running on the Netgear routers chassis.
Users are advised to apply security patches as soon as possible, and they can be exploited by hackers to intercept gateways and wireless points.
Netgear routers vulnerability
The experts found that 17 different Netgear routers were compromised by remote authentication bypassing, allowing remote attackers to access the destination network without having to provide a password.
“This also affects a large number of products (17 in total) and is trivial to exploit, bypassing validation if” & genie = 1 “is found in the query string.” Read the analysis posted by Rakhmanov.
Yes, that’s right. An attacker just needs to append the “& genie = 1” URL to bypass the authentication. Of course, the attack can be for any gateway that has remote configuration access enabled.
Attackers can access the device, change its DNS settings, and redirect the browser to a malicious Web site.
Another 17 Netgear routers were affected by password recovery and file access vulnerabilities. These vulnerabilities exist in the genie_restoring.cgi script used by the web server built into the Netgear box and can trigger the extraction of files and passwords from the file system in flash memory and the extraction of files from the USB stick inserted into the router.
“Some routers allow arbitrary files to be read from the device, as long as the file path is known. Nighthawk X8 Proof of Concept running firmware 220.127.116.11 or earlier:
curl -d “id = 304966648 & next_file = cgi-bin /../../ tmp / mnt / usb0 / part1 / README.txt” http://192.168.1.1/genie_restoring.cgi?id=304966648
The above will read the README.txt file located on the USB thumb drive inserted into the router. A total of 17 products affected. Specific models listed in the consultation instructions. “Continue to analyze.
The list of issues found by the researchers included a command injection vulnerability on D7000, EX6200v2 and some routers PSV-2017-2181. After pressing the WPS button, the Netgear router allows remote attackers to execute arbitrary code on the box with root privileges for two minutes.
“Only 6 products were affected, which allowed OS commands to run as root in a short window during WPS activation,” the analysis said.
Security researchers Martin Rakhmanov from Trustwave conducted a one-year-study on the firmware running on Netgear routers and discovered vulnerabilities in a couple of dozen models. Netgear has just released many security updates that address vulnerabilities in a couple of dozen models. The vulnerabilities have been reported by security researchers Martin Rakhmanov from Trustwave, which conducted a Engaging post, Read More…
thumbnail courtesy of securityaffairs.co
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »