Cisco Talos experts warned about dangerous vulnerabilities in NETGEAR routers

Researchers from Cisco Talos discovered vulnerabilities in NETGEAR wireless routers.

Due to the incorrect configuration of the handshake between the client and the access point, an attacker could intercept private data from network devices.

The bugs are contained in the NetUSB kernel module from KCodes, a Taiwanese company that is one of NETGEAR's suppliers.

The component provides data exchange with USB devices using a secure TCP protocol, allowing users to connect a router to peripheral equipment. As the researchers found out, a hacker can intervene in this process in order to conduct an attack in one of two scenarios.

Both scenarios are based on sending a specific network request to a vulnerable device. The threat arises when the router sets up the TCP bus, sending a series of operational codes to the server. The problem is related to the lack of validation of the packet, which contains the identification number of the router or a list of available network hosts.

In one case (CVE-2019-5016), the experts substituted the sent code with the getConfigDescriptor function, which opens the device parameters with the specified sequence number. According to the experts, this method can also be used to organize DoS attacks on the router simply by sending it incorrect addresses.

The second bug (CVE-2019-5017) allows unauthorized access to kernel memory. Using the same unprotected data packet, an attacker can calculate the base address of the vulnerable module. This allows the attacker to develop an attack on the network in order to get to other connected devices.
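The missing packet validation described above, shown from the defender's side as an added example (not code from the article, Cisco Talos, KCodes or NETGEAR): a handler that checks every packet-supplied field before using it as a descriptor sequence number. The packet layout, opcode value, table contents and the name `handle_request` are hypothetical and do not reflect the NetUSB protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request layout, constructed for illustration; this is
 * not the NetUSB wire format:
 *   opcode (1 byte) | index (1 byte) | requested length (2 bytes, big-endian) */
#define OP_GET_CONFIG_DESCRIPTOR 0x01u
#define REQ_LEN     4u
#define NUM_CONFIGS 2u
#define DESC_LEN    9u

/* Constructed sample descriptors standing in for the device parameters. */
static const uint8_t config_table[NUM_CONFIGS][DESC_LEN] = {
    {9, 2, 32, 0, 1, 1, 0, 0x80, 50},
    {9, 2, 25, 0, 1, 2, 0, 0xC0, 0},
};

/* Returns the number of bytes written to out, or -1 if the request is
 * rejected. Every field taken from the packet is checked before use. */
int handle_request(const uint8_t *pkt, size_t pkt_len,
                   uint8_t *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || pkt_len != REQ_LEN)
        return -1;                 /* malformed or truncated packet */
    if (pkt[0] != OP_GET_CONFIG_DESCRIPTOR)
        return -1;                 /* unknown operation code */

    uint8_t index = pkt[1];
    size_t want = ((size_t)pkt[2] << 8) | pkt[3];

    if (index >= NUM_CONFIGS)
        return -1;                 /* sequence number outside the table */
    if (want > DESC_LEN)
        want = DESC_LEN;           /* never copy past the descriptor */
    if (want > out_cap)
        return -1;                 /* reply buffer too small */

    memcpy(out, config_table[index], want);
    return (int)want;
}
```
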

Professionals find it difficult to estimate the prevalence of vulnerable routers, suggesting that the problem affects dozens of NETGEAR products. They note that although insecure modules vary from model to model, in each case they work the same way. Therefore, the described attack scenarios are relevant for all devices with the KCodes component.

“Specific models of these routers utilize the kernel module from KCodes, a Taiwanese company. The module is custom-made for each device, but they all contain similar functions,” the researchers report.

The experts sent NETGEAR developers information about the discovered problems, and the developers are planning to release updates for the vulnerable modems' software in the near future. Beta versions of the firmware with corrections are now available. In accordance with their disclosure policy, the experts published a description of the bugs 90 days after transferring the data to the manufacturer, without waiting for the full patch.

In 2018, a vulnerability in NETGEAR routers led to a leak of data from the US Army. Specialists discovered the threat when secret documents appeared in the assortment of one of the underground trading platforms.



Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
