- Jul 22, 2014
- 2,525
Get patching – there's this auth bypass and loads of other bugs
If you're using a Netgear router at home, it's time to get patching. The networking hardware maker has just released a tsunami of patches for a couple of dozen models of its kit.
The flaws were found by Martin Rakhmanov at infosec shop Trustwave, which has spent over a year hunting down programming gremlins in Netgear's firmware.
Software updates to address these uncovered vulnerabilities have now been released – you should ensure they are installed as soon as you can before scumbags and botnets start exploiting them to hijack broadband gateways and wireless points. Instructions on how to apply the fixes are included in the linked-to advisories.
Some 17 Netgear routers have a remote authentication bypass, meaning malware or miscreants that are on your network, or that are able to reach the device's web-based configuration interface from the internet, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo.
That's pretty bad news for any vulnerable gateways with remote configuration access enabled, as anyone on the internet can exploit the cockup to take over the router, change its DNS settings, redirect browsers to malicious sites, and so on.
Another 17 Netgear routers – with some crossover with the above issue – have a similar bug, in that the genie_restoring.cgi script, provided by the box's built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.
Other models have less severe problems that still need patching just in case. For example, after pressing the Wi-Fi Protected Setup button, six of Netgear's routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.
...
If you're using a Netgear router at home, it's time to get patching. The networking hardware maker has just released a tsunami of patches for a couple of dozen models of its kit.
The flaws were found by Martin Rakhmanov at infosec shop Trustwave, which has spent over a year hunting down programming gremlins in Netgear's firmware.
Software updates to address these uncovered vulnerabilities have now been released – you should ensure they are installed as soon as you can before scumbags and botnets start exploiting them to hijack broadband gateways and wireless points. Instructions on how to apply the fixes are included in the linked-to advisories.
Some 17 Netgear routers have a remote authentication bypass, meaning malware or miscreants that are on your network, or that are able to reach the device's web-based configuration interface from the internet, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo.
That's pretty bad news for any vulnerable gateways with remote configuration access enabled, as anyone on the internet can exploit the cockup to take over the router, change its DNS settings, redirect browsers to malicious sites, and so on.
Another 17 Netgear routers – with some crossover with the above issue – have a similar bug, in that the genie_restoring.cgi script, provided by the box's built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.
Other models have less severe problems that still need patching just in case. For example, after pressing the Wi-Fi Protected Setup button, six of Netgear's routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.
...
