The Broadband Guide
SG
search advanced

Unpatched Netgear routers under cyberattack

2015-10-13 03:13 by
Tags: ,

 

An unpatched vulnerability in Netgear routers has left thousands of the devices under risk of attacks. The bug was found and reported to Netgear months ago by security researchers at Shell Shock Labs and Compass Security. Then the company issued a beta firmware patch and sent to Compass Security, but the fixed firmware is not released to the public yet.

The flaw is an authentication bypass that affects the N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img versions of the firmware. At least 9 Netgear models are affected: JNR1010v2, JNR3000, JWNR2000v5, JWNR2010v5, N300, R3250, WNR2020, WNR614, WNR618. Netgear claims that only around 5,000 are in use.

If users have their 'remote administration' turned on, then hackers can gain access to the router, gather some information, and install tracking or key logging software.All they need to do is to access the administration interface of the router and when prompted for a username and password, call the URL http:///BRS_netgear_success.html . After repeated attempts, the attacker would then gain access to the router's administration interface without the need for any identification details.

Another way for hacking is if hackers are physically connected to the router, or on the same Wi-Fi network.

"The attacker can so gain access to all your network traffic, perform a man-in-the-middle attack or misconfigure the way name resolution is done, via the router's DNS settings. We are aware of reports where victims had their router DNS entries altered. In such an instance, attackers can for example redirect you to phishing sites, inject ads or malware into your browsing experience," Alexandre Herzog, CTO of Compass Security said.

Now, Netgear has officially released an update to patch the flaw.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About