SoylentNews

Fnord666 [soylentnews.org] writes:

You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk [thenextweb.com].

Disclosed by cybersecurity firm Trustwave [trustwave.com], the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks.

Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks. While the remote management feature is disabled by default in most devices, the firm has found more than 10 thousand affected routers, but the actual number could be "over a million."

Original Submission