Netgear routers leak admin passwords

By on
Netgear routers leak admin passwords
Netgear WNDR4700 router, believed to be vulnerable to the admin password disclosure flaw.

Vendor believes routers to still be secure.

A flaw in Netgear wireless routers allows attackers to bypass administrator authentication and potentially gain full access to the devices, a researcher has discovered.

Network engineer Peter Adkins found several routers in the popular Netgear WNDR range run Simple Object Access Protocol (SOAP) service as part of the Netgear Genie device administration application.

Despite appearing to be secure, Adkins was able to bypass filtering and authentication for the SOAP service with relative ease over wi-fi. 

Through the SOAP service, he was able to extract the admin password for Netgear WNDR routers, wi-fi interface credentials and station identifiers, and other information such as the device serial number and connected clients, he said.

Adkins said he notified Netgear about the router takeover flaw, but was told by the vendor's support department that "the network should still stay secure", thanks to a number of unspecified built-in security features.

Adkins said he received no further response from Netgear on the vulnerability. He has published a proof of concept and detailed analysis document on Github.

Netgear wireless routers tested and found vulnerable:

  • WNDR3700v4 - V1.0.0.4SH
  • WNDR3700v4 - V1.0.1.52
  • WNR2200 - V1.0.1.88
  • WNR2500 - V1.0.0.24
  • WNDR3700v2 - V1.0.1.14 
  • WNDR3700v1 - V1.0.16.98 
  • WNDR3700v1 - V1.0.7.98 
  • WNDR4300 - V1.0.1.60 

Netgear routers believed also to be vulnerable

  • WNDR3800
  • WPN824N
  • WNDR4700
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?