Information security experts Adam Nichols and d4rkn3ss independently discovered a critical vulnerability in 79 Netgear router models. A bug in Netgear firmware may allow hackers to remotely take control of a device. The vulnerability affects 758 different firmware versions that have been used in 79 Netgear routers for many years, and some firmware versions can be found on devices released back in 2007.
Experts write that the vulnerability is associated with a component of the web server that is part of Netgear firmware. This web server is used to operate the built-in administration panel.
“The server does not correctly validate user input, does not use canary’s cookies to protect memory, and the server binary is not compiled as Position-independent Executable (PIE), that is, ASLR protection is not applied,” says Adam Nichols.
All this allows an attacker to send malicious HTTP requests to a vulnerable device, which can be used to seize control of a router.
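A defender's check for the two build-time mitigations named in the quote above, as an added example that is not from the original article or the researchers' write-up: it reads the ELF header to tell a fixed-address executable from a PIE and looks for the stack-protector symbol. The sample images are constructed inside the script, and `audit_elf`, `missing_mitigations` and `make_sample` are hypothetical names.

```python
import struct

ET_EXEC, ET_DYN = 2, 3   # e_type: fixed load address vs. PIE / shared object
EM_MIPS = 8              # e_machine, used only for the constructed samples

def audit_elf(blob: bytes) -> dict:
    """Read the ELF header and report the two mitigations named in the quote."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if blob[4] not in (1, 2) or blob[5] not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    endian = "<" if blob[5] == 1 else ">"      # EI_DATA: 1 = LSB, 2 = MSB
    (e_type,) = struct.unpack_from(endian + "H", blob, 16)
    return {
        "bits": 32 if blob[4] == 1 else 64,    # EI_CLASS
        "pie": e_type == ET_DYN,               # ET_EXEC loads at a fixed address
        # Heuristic: stack-protector builds reference this symbol by name.
        # A stripped, statically linked binary can hide it.
        "stack_canary": b"__stack_chk_fail" in blob,
    }

def missing_mitigations(report: dict) -> list:
    """Names of the hardening features the audited image lacks."""
    checks = (("PIE", "pie"), ("stack canary", "stack_canary"))
    return [label for label, key in checks if not report[key]]

def make_sample(e_type: int, big_endian: bool, canary: bool) -> bytes:
    """Constructed 32-bit ELF header plus a fake string table (not real firmware)."""
    endian = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + bytes(9)
    header = ident + struct.pack(endian + "HH", e_type, EM_MIPS)
    strtab = b"\x00main\x00" + (b"__stack_chk_fail\x00" if canary else b"")
    return header + bytes(32) + strtab

if __name__ == "__main__":
    for name, img in (("weak", make_sample(ET_EXEC, True, False)),
                      ("hardened", make_sample(ET_DYN, False, True))):
        rep = audit_elf(img)
        print(name, rep, "missing:", missing_mitigations(rep) or "none")
```

To audit a binary extracted from a firmware image, pass its bytes to `audit_elf`; an `ET_DYN` result only shows the image is relocatable, so confirm it is an executable rather than a shared library.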
The PoC exploit has already been published on GitHub, and Nichols notes that in the end he “managed to launch the telnet daemon [router] with root privileges on TCP port 8888 and no password was required.”
At the beginning of this year, both researchers reported the vulnerabilities to Netgear representatives.
However, due to the danger of the problem and the large amount of work required to create and test patches, the manufacturer asked the experts to temporarily withhold the information about the bug and requested more time. The postponement expired this week, the corrections were not released, and the experts decided to publish the data on the problem.
Work on patches is still underway, but the exact timing of their release has not yet been announced. In addition, it is expected that not all routers will receive patches, as some of them are no longer supported.
Let me also recall that a year ago, Cisco Talos experts warned about dangerous vulnerabilities in NETGEAR routers.
“Routers and modems often form an important security border that prevents attackers from directly exploiting the computers in a network. However, poor code quality and a lack of adequate testing has resulted in thousands of vulnerable SOHO devices being exposed to the internet for over a decade,” concludes Adam Nichols.
A list of vulnerable firmware versions for all affected router models can be found here.
Let me also remind you that manufacturers of D-Link routers can’t close the bugs that IS experts discovered.