Vulnerabilities could leave thousands of NETGEAR routers exposed
New vulnerabilities discovered in 31 models of NETGEAR router are reckoned to leave at least 10,000 devices at risk and could affect many more.
Cyber security company Trustwave has released details of the vulnerabilities, which allow an attacker to discover or completely bypass any password on a NETGEAR router. This gives the attacker complete control of the router, including the ability to change its configuration, enlist infected routers in botnets or even upload entirely new firmware.
The vulnerability can be used by a remote attacker if remote administration is set to be internet facing. By default this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public Wi-Fi spaces like cafés and libraries using vulnerable equipment.
Since people often reuse passwords, having the admin password of the router gives hackers an initial foothold on the network. They can then see all the devices connected to the network and try to access them with that same admin password.
NETGEAR has been notified of the vulnerabilities and is currently pushing out updated firmware to the affected models. These include the Lenovo R3220 router, which is powered by NETGEAR firmware.
It has also created a knowledgebase page which lists the affected routers and where users can download the firmware fix. There are also workarounds for models where a fix is not yet available. The company has confirmed its commitment to the Bugcrowd responsible disclosure program, which should make future bugs easier to report and lead to a more secure product line.
"NETGEAR does appreciate and value having security concerns brought to our attention. We constantly monitor for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR," says a company spokesperson. "It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity."
Full details of the vulnerabilities are available on the Trustwave blog.