SOAP vulnerability leaves Netgear routers open to hackers
Owners of Netgear routers are warned that their wireless security keys and admin password could be accessed by hackers. A security vulnerability has been found in the SOAP service embedded in some Netgear network devices that could be abused with specially designed HTTP requests.
Routers can be tricked into executing commands even if they originate from an unauthenticated session, potentially exposing sensitive information to hackers. For anyone with remote management enabled on their router, there is the added worry that all of this could be carried out by someone without physical access, or who is not in close proximity, to the network. A number of Netgear routers are affected.
The vulnerability as discovered by security researcher Peter Adkins and it is thought to be a problem for the devices listed below. As well as making it possible to extract data such as administrator password and wireless credentials, the vulnerability also reveals the serial number of a router and details of devices that are connected to it.
In a tale that is somewhat reminiscent of Google's bug disclosures through Project Zero, Adtkins notified Netgear of his findings back in January. Unhappy with the response and lack of action, he decided to go public:
The initial response from NetGear support was that despite these issues "the network should still stay secure" due to a number of built-in security features. Attempts to clarify the nature of this vulnerability with support were unsuccessful. This ticket has since been auto-closed while waiting for a follow up. A subsequent email sent to the NetGear 'OpenSource' contact has also gone unanswered.
Devices thought to be affected by SOAP vulnerability are:
- NetGear WNDR3700v4
- NetGear WNR2200
- NetGear WNR2500
- NetGear WNDR3700v2
- NetGear WNDR3700v1
- NetGear WNDR4300
- NetGear R6300v2
- NetGear WNDR3800
- NetGear WNDRMAC
- NetGear WPN824N
- NetGear WNDR4700
Netgear is yet to issue a statement or give an idea of when, or indeed if, a patch will be released. In the meantime, it would be a good idea to disable the remote management feature of your router unless you have a particularly pressing need to leave it enabled.