In most homes, the router is the main gatekeeper for all the data that flows in and out of our networked and web-connected gadgets. Routers are usually taken for granted, stashed in a corner, and rebooted or tweaked once in a while when slowdowns and connection issues arise.
But in light of recent campaigns and massive attacks against millions of Internet of Things appliances and other connected gadgets, such as the Mirai distributed denial of service attack (DDoS) last year, devices like DVRs, webcams and yes, routers, are always at risk of becoming botnet minions.
A distributed denial of service (DDoS) attack floods a targeted website with an overwhelming number of requests from millions of connected machines in order to bring it down.
A botnet is an assembly of compromised computers and mobile gadgets used in cyber attacks often without the knowledge of the owners.
Late last year, we reported about certain models of Netgear routers having vulnerabilities that allowed hackers to use a malicious link to run unauthorized commands. To Netgear’s credit, the company promptly issued a firmware patch for the affected routers in order to fix the issue.
Now that this flaw seems to be behind us, don’t let your guard down yet. A new vulnerability in certain Netgear routers has been outed again and this flaw can potentially allow an attacker to gain total control of these devices.
The exploit, discovered by Trustwave security researcher Simon Kenin, can reportedly reveal the administrator password to anyone with even the most basic programming skills. This security hole could allow hackers to abuse these routers’ password recovery systems to steal the credentials.
“After few trials and errors trying to reproduce the issue,” Kenin stated in the blog post detailing the bug, “I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is [a] totally new bug that I haven’t seen anywhere else.”
Kenin continued that this vulnerability is critical since “it affects a large number of models” and the number of affected routers could be in the millions. Moreover, if attackers get into the router’s administrator panel, they can survey all the gadgets connected to the network and try to access them with the same stolen router password.
And more importantly, as shown by the Mirai botnet attacks, such vulnerabilities can allow hackers to utilize your router and other connected gadgets as part of DDoS botnet attacks.
Thankfully for Netgear router owners, there are prerequisites for this hack to take place. First, the exploit can only be done if remote administration is set to on or if an attacker has physical access to the router itself. By default, remote administration is set to off on Netgear routers so if you haven’t touched this setting, it’s one fewer thing to worry about.
Kenin warned that places with public Wi-Fi access points, such as coffee shops and libraries, where an attacker can get physical access to the router, are vulnerable to this hack.
What you can do
As we always advise our readers, keep your router firmware up to date and check for updates at least once every three months.
If you own any of these Netgear router models, please update your firmware immediately:
For these other Netgear routers, which are running firmware that has not been patched yet, we recommend that remote management be set to off:
- R6200 on v184.108.40.206_1.0.43
- R6300 on v220.127.116.11_1.0.58
- VEGN2610 on v18.104.22.168_1.0.12
- AC1450 on v22.214.171.124_10.0.16
- WNR1000v3 on v126.96.36.199_60.0.93
- WNDR3700v3 on v188.8.131.52_1.0.31
- WNDR4000 on v184.108.40.206_9.1.86
- WNDR4500 on v220.127.116.11_1.0.68
- D6300 on v18.104.22.168
- D6300B on v22.214.171.124
- DGN2200Bv4 on v126.96.36.199
- DGN2200v4 on v188.8.131.52
To read Simon Kenin’s full blog post detailing the bug, click here.