Trustwave uncovers major vulnerabilities in NETGEAR routers
Your NETGEAR router is at risk of being hacked and users should check to see if theirs needs patching, according to a new blog by Trustwave SpiderLabs.
Researchers at SpiderLabs found that some Netgear routers can be hacked through their web server by using unauthenticated password disclosure – a method that can gain vulnerable password credentials. After experimenting on a number of Netgear router models, the researcher found another vulnerability that will give credentials for any parameter.
The vulnerabilities, now named CVE-2017-5521 and TWSL2017-003, were sent to Netgear in April 2016 but Trustwave says that Netgear has been slow to respond.
“In our initial contact, the first advisory had 18 models listed as vulnerable, although six of them didn't have the vulnerability in the latest firmware. Perhaps it was fixed as part of a different patch cycle. The second advisory included 25 models, all of which were vulnerable in their latest firmware version,” the blog says.
The vulnerability affects a large number of routers, possibly those in the millions, Trustwave says. The vulnerabilities can be used to conduct a remote attack if administration is set to internet-facing.
While it is not turned on by default, Trustwave says anyone with physical access to a network with a vulnerable router can exploit the vulnerabilities. Routers can also be used as part of botnets.
“As many people reuse their password, having the admin password of the router gives us an initial foothold on the network. We can see all the devices connected to the network and try to access them with that same admin password,” Trustwave says.
While Netgear provided a fix for a small number of routers. There are 18 patches and two models that are now ‘not vulnerable’, there are still a number that have not been patched and even a Lenovo router that uses Netgear firmware, Trustwave says.
“Over the past nine months we attempted to contact NETGEAR multiple times for clarification and to allow them time to patch more models. Over that time we have found more vulnerable models that were not listed in the initial notice, although they were added later. We also discovered that the Lenovo R3220 router is powered by NETGEAR firmware and it was vulnerable as well,” the blog says.
While communication issues with Netgear delayed processes, the company has since committed to push out firmware to unpatched models.
Netgear also committed to working with Bugcrowd, a third party vendor that oversees bugs, patching and provides ‘bug bounty’ rewards to researchers.
Trustwave recommends those with Netgear routers check the Knowledge Base Article to see if you are affected.