Hackers have found a critical exploit in Netgear routers – Here’s how to protect yourself
If you own a Netgear router, now is as good a time as ever to download a firmware update.
According to TechCrunch, a Netgear exploit could be exposing your router’s password.
The exploit affects thousands of Netgear routers, essentially giving hackers access to your admin credentials. That means hackers can lock you out of your own router. What’s even worse is that they can manipulate your internet usage.
Luckily, Netgear has issued a firmware update to prevent this from happening to you.
Simon Kenin, a researcher for Trustwave, uncovered the issue a year ago when he misplaced the admin password to his router. He ended up hacking his own router and, in the process, discovered a feature designed to allow password recovery, reports TechCrunch.
I woke up the next morning excited by the discovery, I thought to myself: “3 routers with same issue… Coincidence? I think not”. Luckily, I had another, older NETGEAR router laying around; I tested it and bam! Exploited.
I started asking people I knew if they have NETGEAR equipment so I could test further to see the scope of the issue. In order to make life easier for non-technical people I wrote a Python script called netgore, similar to wnroast, to test for this issue.
I am not a great programmer. I am aware of that and that is why I don’t work as a full time programmer. As it turned out, I had an error in my code where it didn’t correctly take the number from unauth.cgi and passed gibberish to passwordrecovered.cgi instead, but somehow it still managed to get the credentials!
“Wait… what is going on here?” I thought to myself. After a few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what parameter you send. This is a totally new bug that I haven’t seen anywhere else. When I tested both bugs on different NETGEAR models, I found that my second bug works on a much wider range of models.
Here are the router models affected by this exploit:
If your router is one of the ones affected, head on over to your router’s admin panel and download the firmware update.
Update: A Netgear spokesman reached out to KnowTechie and provided us with a statement:
NETGEAR is aware of the vulnerability (CVE-2017-5521), that has been recently publicized by TrustWave. This is not a new or recent development. We have been working with the security analysts to evaluate the vulnerability. NETGEAR has published a knowledge base article from our support page, which lists the affected routers and the available firmware fix.
Firmware fixes are currently available for the majority of the affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for the model and visit the firmware release page for further instructions. For devices that are still pending final firmware updates, please follow the advised work around.
Please note that this vulnerability occurs when an attacker can gain access to the internal network or when remote management is enabled on the router. Remote management is turned off by default; although remote management can be turned on through the advanced settings.
NETGEAR does appreciate and value having security concerns brought to our attention. We constantly monitor for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR’s mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.