Unpatched Netgear routers under cyberattack2015-10-13 03:13 by Daniela
Tags: Netgear, hackers
An unpatched vulnerability in Netgear routers has left thousands of the devices under risk of attacks. The bug was found and reported to Netgear months ago by security researchers at Shell Shock Labs and Compass Security. Then the company issued a beta firmware patch and sent to Compass Security, but the fixed firmware is not released to the public yet.
The flaw is an authentication bypass that affects the N300_126.96.36.199_1.0.1.img and N300-188.8.131.52_1.0.1.img versions of the firmware. At least 9 Netgear models are affected: JNR1010v2, JNR3000, JWNR2000v5, JWNR2010v5, N300, R3250, WNR2020, WNR614, WNR618. Netgear claims that only around 5,000 are in use.
If users have their 'remote administration' turned on, then hackers can gain access to the router, gather some information, and install tracking or key logging software.All they need to do is to access the administration interface of the router and when prompted for a username and password, call the URL http:///BRS_netgear_success.html . After repeated attempts, the attacker would then gain access to the router's administration interface without the need for any identification details.
Another way for hacking is if hackers are physically connected to the router, or on the same Wi-Fi network.
"The attacker can so gain access to all your network traffic, perform a man-in-the-middle attack or misconfigure the way name resolution is done, via the router's DNS settings. We are aware of reports where victims had their router DNS entries altered. In such an instance, attackers can for example redirect you to phishing sites, inject ads or malware into your browsing experience," Alexandre Herzog, CTO of Compass Security said.
Now, Netgear has officially released an update to patch the flaw.
Read more -here-