Recently, US-CERT released an announcement about a bug in Netgear’s R7000 and R6400 routers that allowed attackers to inject commands. Soon afterwards, another security hole was discovered in Netgear routers. Simon Kenin, a researcher from Trustwave SpiderLabs, accidentally discovered the flaw (CVE-2017-5521) while trying to access the web interface of his own Netgear router and reboot the device. Kenin was trying to hack his personal router because he had forgotten the password to its web panel. His attempts led to an unexpected discovery: a flaw in many Netgear routers that allows attackers to query the routers and quickly obtain their login details. Needless to say, whoever holds these details can easily take control of the device.
Kenin says that the vulnerability can affect a large number of Netgear router models. Attackers can take advantage of this flaw only if the router’s remote management option is turned on, and although Netgear claims that this option is off by default, Kenin says that there might be “hundreds of thousands, if not over million” vulnerable routers worldwide. Anyone who can access the network through a vulnerable Netgear router can exploit it; for example, places such as cafes or restaurants that have these vulnerable routers are perfect spots for attackers. It must be noted that having admin rights on the router gives control of the whole network connected to it, and it may be possible to access all devices connected to it with the same password. The router models currently known to be vulnerable are:
R8300, R8500, R6400, R7300DST, R7000, R7100LG, R6300v2, R6900, WNDR3400v3, WNR3500Lv2, R6700, R7900, R6250, R8000, R6200v2, WNDR4500v2, WNDR3400v2, D6400, D6220, C6300.
As for other risks related to this vulnerability, these routers can be easily compromised and used as bots in a botnet (such as Mirai). Even if attempts to run a bot fail, attackers can simply change the compromised router’s DNS to a malicious one. Users of these vulnerable routers should therefore act immediately and install the firmware updates released by Netgear. The updates should be downloaded from Netgear’s official website. What is more, it seems that the company is making a real effort to improve its products and make them more secure: it has launched a bug bounty program that promises awards of up to $15,000 to researchers who discover and report flaws in the company’s hardware, mobile applications, and APIs.