Trustwave uncovers major vulnerabilities in NETGEAR routers

31 Jan 2017

Your NETGEAR router is at risk of being hacked and users should check to see if theirs needs patching, according to a new blog by Trustwave SpiderLabs.

Researchers at SpiderLabs found that some Netgear routers can be hacked through their web server by using unauthenticated password disclosure, a method that can expose the router's password credentials.
After experimenting on a number of Netgear router models, the researcher found another vulnerability that will give credentials for any parameter.

The vulnerabilities, now named CVE-2017-5521 and TWSL2017-003, were sent to Netgear in April 2016 but Trustwave says that Netgear has been slow to respond.

“In our initial contact, the first advisory had 18 models listed as vulnerable, although six of them didn't have the vulnerability in the latest firmware. Perhaps it was fixed as part of a different patch cycle. The second advisory included 25 models, all of which were vulnerable in their latest firmware version,” the blog says.

The vulnerability affects a large number of routers, possibly in the millions, Trustwave says. The vulnerabilities can be used to conduct a remote attack if the router's administration interface is set to be internet-facing.

While that setting is not turned on by default, Trustwave says anyone with physical access to a network with a vulnerable router can exploit the vulnerabilities. Routers can also be used as part of botnets.

“As many people reuse their password, having the admin password of the router gives us an initial foothold on the network. We can see all the devices connected to the network and try to access them with that same admin password,” Trustwave says.

While Netgear has provided a fix for a small number of routers (there are 18 patches, and two models are now ‘not vulnerable’), there are still a number that have not been patched, and even a Lenovo router that uses Netgear firmware, Trustwave says.

“Over the past nine months we attempted to contact NETGEAR multiple times for clarification and to allow them time to patch more models. Over that time we have found more vulnerable models that were not listed in the initial notice, although they were added later. We also discovered that the Lenovo R3220 router is powered by NETGEAR firmware and it was vulnerable as well,” the blog says.

While communication issues with Netgear delayed processes, the company has since committed to push out firmware to unpatched models.

Netgear also committed to working with Bugcrowd, a third-party vendor that oversees bugs and patching and provides ‘bug bounty’ rewards to researchers.

Trustwave recommends that those with Netgear routers check the Knowledge Base Article to see if they are affected.
