Trustwave has discovered a pair of serious flaws in no less than 31 different models of Netgear routers, following closely on the heels of a dangerous vulnerability affecting other Netgear products which was publicized last month.
This time around the issues were found by a security researcher at Trustwave, Simon Kenin, who was messing around with his Netgear router trying to hack it via the web interface, experimenting with ‘manually fuzzing’ the web server with various different parameters.
This led him to uncover the flaws which can be exploited locally by an attacker with physical access to the network/router – but crucially it can also be leveraged remotely, if remote administration has been switched on and set to be internet-facing (which, luckily, it isn’t by default).
How serious are the flaws? Pretty serious indeed, as they allow a malicious party to find out the password of the router (or simply bypass it) to get complete control of the hardware – meaning there’s the distinct possibility that the router could be inducted into the ranks of a botnet (and subsequently used in the likes of DDoS attacks).
According to Trustwave, more than 10,000 vulnerable devices have been found which can be accessed remotely and exploited – but the total number of routers out there which could potentially be affected is likely in the hundreds of thousands, and could even be in excess of a million devices. Worrying numbers indeed.
So, it wasn’t a great end to last year for Netgear, and it hasn’t been a great start to 2017 either.
Netgear was apparently informed of these potential exploits back in April of last year, and Trustwave continued to badger the router manufacturer multiple times over the past nine months concerning fixing these holes.
Fortunately, Netgear did eventually respond to the security company just before Trustwave was about to make its findings public – and it was a positive response by all accounts.
In his blog post, Kenin notes that Netgear was committed to getting fresh firmware out to unpatched and affected routers on an ‘aggressive timeline’.
He also observed: “Netgear was not just serious about patching these vulnerabilities, but serious about changing how they handle third-party disclosure in general … [making a] commitment to Bugcrowd, a popular third-party vendor that helps to vet research, provides oversight for the patching process and provides bug bounty rewards to help to motivate third-party researchers.”
So what action should you take if you have a Netgear router? Trustwave advises you to check here in order to see if your router is vulnerable, and to get details on how to install patched firmware if that’s the case.