Dozens of Netgear Products Vulnerable to Authentication Bypass
Not only are hackers lazy but security researchers are lazy too. Researcher Simon Kenin was being lazy one day and decided to try to hack his Netgear router. Interesting definition of lazy – his, not mine.
He came upon an old, known authentication vulnerability. It allowed him to recover his forgotten password without authenticating himself appropriately. The next day, he gathered more Netgear equipment in an effort to reproduce the problem. But he made a mistake.
Even with the mistake, the router coughed up his password. This led him to a new vulnerability. Apparently, even without the appropriate preconditions, a call to passwordrecovered.cgi will hand back your credentials.
While this has to be a mistake, it is a pretty serious mistake.
The researcher discovered that this exploit works on a wide variety of Netgear routers; way more routers than the old exploit worked on.
The researcher discovered at least ten thousand devices online which are vulnerable to the exploit, but he thinks that the real number is probably in the hundreds of thousands or maybe even millions.
Worse yet, if the owner of the router has enabled remote administration – being able to manage the router from the Internet – then anyone, anywhere in the world, can exploit this vulnerability.
If remote administration is not turned on (it is not turned on by default) then you would need to be on the same network as the router, such as in a Starbucks or any place that offers public access.
If the vulnerability is exploited, then the hacker “owns” that network and can pretty much do anything that he wants to do. Anything. That would include listening to any unencrypted traffic on the network and possibly, using a man in the middle attack, even listen to encrypted traffic.
It appears this vulnerability may have been discovered almost a year ago. Initially Netgear said that 18 models were affected, later they said that over 40 models were vulnerable.
In June of last year Netgear released a fix for a few models and a workaround for others.
Any idea what percentage of Netgear owners (a) are aware of the advisory and (b) did anything about it? My guess is that the answer is close to ZERO.
Netgear posted a page in their knowledge base that says not to worry, there is a patch available for MOST of those routers.
Any idea what percentage of Netgear router owners are aware of this knowledge base article? About the same as the number who have patched the vulnerable devices.
In fairness to Netgear, if you DO NOT enable remote administration, you make it a little bit harder for the bad guys. Not terribly comforting.
This is the new world. There are lots of devices that no one is patching. When was the last time YOU patched YOUR Internet router? I thought so.
This is a potentially enormous problem. Not because of this Netgear device but because there are hundreds or thousands of issues like this that go unnoticed by almost everyone.
Except for the bad guys. THEY read the alerts. And use. Or abuse. them.
Information for this post came from CSO Online.