SoylentNews is people

posted by CoolHand on Wednesday February 01 2017, @08:43AM
from the fun-with-botnets dept.

You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk.

Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks.

Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks. While the remote management feature is disabled by default in most devices, the firm has found more than 10 thousand affected routers, but the actual number could be "over a million."


  • (Score: 2) by arslan (3462) on Thursday February 02 2017, @12:48AM (#461848)

    Ummm I dunno... the vulnerability is only with physical access. Remote access only if remote management is turned on, which is off by default.

    If you don't have remote management turned on and rely on physical security, it is not an issue. I would imagine most consumer homes are like that.

    If you're geeky enough to turn on remote management, you should be patching regularly.

  • (Score: 2) by jdccdevel (1329) on Thursday February 02 2017, @05:54PM (#462031)

    "Ummm I dunno... the vulnerability is only with physical access. Remote access only if remote management is turned on, which is off by default."

    That depends on how the vulnerability works.

    Most of these routers use the same local IP subnet by default, so it's actually fairly easy to script an attack against them from the Internet, via a web browser.

    If it's just an HTTP request against the router (chances are good it is), it doesn't take anything more complicated than some JavaScript, or a cleverly constructed web page.

    Remote access being off by default helps, but it isn't enough.