A serious vulnerability found in 31 Netgear models allows bypassing authentication on admin panel

…and lets hackers turn your router into a botnet!


Trustwave has disclosed a flaw that affects Netgears routers.

As the security researcher Simon Kenin explains, the vulnerability allows attackers to exploit the router’s password recovery system to bypass authentication and gain full access to the device settings: any router that has the remote management option switched on is vulnerable to this hacks.

The vulnerability can be used by a remote attacker if remote administration is set to be Internet facing. By default this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public wifi spaces like cafés and libraries using vulnerable equipment.

With malware such as the Mirai botnet being out there, it is also possible that some of the vulnerable routers could be infected and ultimately used as bots as well.

Trustwave has reported the flaw, and Netgear has also confirmed the issue in a post on its website, releasing a full list of the affected models:

  • R8500
  • R8300
  • R7000
  • R6400
  • R7300DST
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250
  • R6700
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2
  • D6220
  • D6400
  • C6300

In case you own one of the listed routers, you’re strongly advised to update the firmware: netgear has already posted the updated firmware on its website.


Resources

https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521–Bypassing-Authentication-on-NETGEAR-Routers/
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521–Bypassing-Authentication-on-NETGEAR-Routers/
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521–Bypassing-Authentication-on-NETGEAR-Routers/

Comments