
79 Netgear routers vulnerable to serious security flaw

2020-06-19 17:59

 

79 Netgear router models are vulnerable to a severe security flaw that can let hackers take over devices remotely. The oldest models date back to 2007.

The vulnerability was discovered independently by two security researchers: Adam Nichols from cyber-security firm GRIMM and a researcher going by the nickname d4rkn3ss, who works for Vietnamese internet service provider VNPT.

The vulnerability stems from the web server Netgear uses on its routers, which Nichols explains "has had very little testing" and is therefore, unsurprisingly, open to exploitation. In this case, Netgear isn't properly validating user input for its administration panel; the web server doesn't use "stack cookies," which protect against buffer overflow attacks; and the web server code isn't compiled as a Position-Independent Executable (PIE), so it can't take full advantage of address space layout randomization (ASLR), which also protects against buffer overflow attacks.
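The two missing build-time mitigations named above can be checked on any ELF binary extracted from a firmware image. The following is an added example, not code from the article, Netgear or the researchers; the function names and the sample bytes are constructed for illustration, and the stack-cookie check is a symbol-name heuristic.

```python
import struct

ET_EXEC, ET_DYN = 2, 3  # e_type: fixed-address executable vs. position-independent

def check_hardening(elf: bytes) -> dict:
    """Report PIE and stack-cookie status for a raw ELF image."""
    if len(elf) < 18 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if elf[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big
    (e_type,) = struct.unpack_from(endian + "H", elf, 16)  # same offset in ELF32/64
    return {
        # For a main executable, ET_DYN means it was linked as PIE.
        "pie": e_type == ET_DYN,
        # Heuristic: GCC/Clang stack protectors call __stack_chk_fail, so the
        # symbol name shows up in a dynamically linked binary's string table.
        "stack_cookies": b"__stack_chk_fail" in elf,
    }

def findings(name: str, elf: bytes) -> list:
    """Turn the raw flags into audit lines for one binary."""
    result = check_hardening(elf)
    out = []
    if not result["pie"]:
        out.append(f"{name}: not PIE, code loads at a fixed address despite ASLR")
    if not result["stack_cookies"]:
        out.append(f"{name}: no __stack_chk_fail reference, stack cookies likely absent")
    return out

def make_sample(e_type: int, little_endian: bool = True, strtab: bytes = b"") -> bytes:
    """Constructed minimal ELF32 header (not a real firmware binary)."""
    ident = b"\x7fELF" + bytes([1, 1 if little_endian else 2, 1]) + bytes(9)
    fmt = ("<" if little_endian else ">") + "HH"
    return ident + struct.pack(fmt, e_type, 40) + strtab  # 40 = EM_ARM

if __name__ == "__main__":
    samples = {  # constructed inputs standing in for extracted binaries
        "unhardened-sample": make_sample(ET_EXEC),
        "hardened-sample": make_sample(ET_DYN, False, b"\0__stack_chk_fail\0"),
    }
    for name, image in samples.items():
        for line in findings(name, image) or [f"{name}: PIE and stack cookies present"]:
            print(line)
```

To audit a real file, pass its bytes (for example `open(path, "rb").read()`) to `findings`; a statically linked, stripped binary can hide the symbol, so treat a negative stack-cookie result as a prompt for closer inspection.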

A Netgear spokesperson told ZDNet that firmware updates for two router models (R6400v2, R6700v3) have already been released, and new ones "are forthcoming." However, not all routers are expected to receive patches, as some went end-of-life many years ago.

In order to stay safe, Netgear router owners can disable the "Remote Management" feature of their routers. They can do that by navigating to the router's administrative interface (usually https://192.168.1.1), selecting the Advanced mode or tab, if there is one, and looking for something like "Web Services Management" or "Remote Management."
