SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Netgear SOHO Security Bug Allows RCE, Corporate Attacks
Date    Thursday September 23 2021, @10:47AM
Author    Fnord666
https://soylentnews.org/article.pl?sid=21/09/22/2230201

upstart writes:

Netgear SOHO Security Bug Allows RCE, Corporate Attacks:

A high-severity security bug affecting several Netgear small office/home office (SOHO) routers could allow remote code execution (RCE) via a man-in-the-middle (MiTM) attack.

The bug (CVE-2021-40847) exists in a third-party component that Netgear includes in its firmware, called Circle – it handles the parental controls for the devices, according to researchers at Grimm who discovered the flaw. It rates 8.1 out of 10 on the CVSS 3.0 vulnerability-severity scale.

“Since this code is run as root on the affected routers, exploiting it to obtain RCE is just as damaging as a RCE vulnerability found in the core Netgear firmware,” they said in an advisory released Tuesday.

Specifically, the issue lives in the Circle update daemon. Researchers explained that the updating process is insecure, making it possible for attackers to spoof the update server and inject their own bits and bytes into the process.

It should be noted that a prerequisite for exploitation is having the ability to sniff and send network traffic to and from a target router, the advisory said – meaning that adversaries would need to be attached to the same network as the appliance. That can be achieved by compromising a connected device such as a mobile phone or computer prior to initiating the RCE effort.

[...] “This daemon connects to Circle and Netgear to obtain version information and updates to the daemon and its filtering database,” researchers explained. “However, database updates from Netgear are unsigned and downloaded via HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to Circle update requests with a specially crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code.”

[...] Affected Netgear Devices and Versions

The below devices and versions are vulnerable; Grimm noted that older versions of all of these likely are as well:

To mitigate the risks to corporate environments posed by vulnerable SOHO routers, users should update their router firmware to the latest versions, which contain patches for CVE-2021-40847. Details can be found here.

So we have a process that

I'm dumbfounded. You can't make this stuff up.

Details about CVE-2021-40847.


Original Submission
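
The flaw quoted above is an unsigned archive fetched over HTTP and unpacked over executable files; the defensive counterpart is to authenticate the download before unpacking it and to confine extraction to a data directory. The Python below is an added example, not code from Grimm, Netgear, Circle or the original article. The tar.gz format, the function names and the pinned SHA-256 digest (which stands in for a real signature check) are assumptions.

```python
import hashlib, hmac, io, os, tarfile

class UpdateRejected(Exception):
    """Update blob failed the digest check or the archive path checks."""

def make_archive(entries):
    """Build a constructed sample .tar.gz in memory from {member_name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), 0o755
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def verify_and_extract(blob, expected_sha256, dest):
    """Authenticate blob, then write only regular files that stay inside dest."""
    # Assumption: expected_sha256 arrived over an authenticated channel
    # (signed manifest or pinned TLS); it stands in for a signature check.
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UpdateRejected("digest mismatch, refusing to unpack")
    root = os.path.realpath(dest)
    written, plan = [], []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        # Pass 1: validate every member before touching the filesystem.
        for m in tar.getmembers():
            if not (m.isfile() or m.isdir()):
                raise UpdateRejected(f"link or device member: {m.name}")
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                raise UpdateRejected(f"member escapes {dest}: {m.name}")
            plan.append((m, target))
        # Pass 2: write data files, never carrying over execute bits.
        for m, target in plan:
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as out:
                out.write(src.read())
            os.chmod(target, 0o644)
            written.append(os.path.relpath(target, root))
    return written

if __name__ == "__main__":
    import tempfile
    blob = make_archive({"db/filters.dat": b"constructed sample"})
    with tempfile.TemporaryDirectory() as d:
        print(verify_and_extract(blob, hashlib.sha256(blob).hexdigest(), d))
```

The digest check only helps if the expected value cannot be altered by the same on-path party; the path and mode checks still limit the damage if it can.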

Links

  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Netgear SOHO Security Bug Allows RCE, Corporate Attacks" - https://threatpost.com/netgear-soho-security-bug-rce/174921/
  3. "an advisory" - https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
  4. "found here" - https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-2021-0204
  5. "CVE-2021-40847" - https://nvd.nist.gov/vuln/detail/CVE-2021-40847
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=51485
