Netgear routers vulnerable to easy authentication bypass

By on
Netgear routers vulnerable to easy authentication bypass

Remotely exploitable flaw found.

Mass-market routers from vendor Netgear contain a serious vulnerability that allows attackers to bypass authentication and access the device's management interfaces.

Security vendor Trustwave researcher Simon Kenin tried to access the management page of his Netgear router but had forgotten the password for it.

By searching Google, Kenin found an exploit that allowed him to query routers and retrieve their login credentials easily, which gave him full access to the device.

"The vulnerability can be used by a remote attacker if remote administration is set to be internet facing. By default this is not turned on,"  the Trustwave researcher said.

"However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public wi-fi spaces like cafés and libraries using vulnerable equipment."

After trying out the vulnerability on a range of Netgear routers, Kenin was surprised at how many models had the flawed firmware.

Trustwave believes the number of devices affected are at least in the hundreds of thousands.

Netgear has confirmed the vulnerability affects a large number of its products, and issued patched firmware.

Last December, the US Computer Emergency and Response Team advised users to stop using Netgear routers due to a serious flaw that permitted command injection.

Update 2/2/17: Netgear said it was aware of the vulnerability and had been working with the Trustwave analysts to evaluate it.

"Netgear has published a knowledge base article from our support page, which lists the affected routers and the available firmware fix," it said in a statement.

"Firmware fixes are currently available for the majority of the affected devices. Please note that this vulnerability occurs when an attacker can gain access to the internal network or when remote management is enabled on the router. Remote management is turned off by default; although remote management can turned on through the advanced settings."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?