Tuesday, October 15, 2024

Unpatched Zero-Day Flaw in 79 Netgear Routers Allows Hackers to Take Full Control of the Device


Researchers have discovered an unpatched zero-day vulnerability in 79 Netgear router models that allows attackers to take control of the device remotely.

The flaw allows attackers to run arbitrary code as the "root" user and thereby take full control over the device remotely.

79 Netgear Router Models Vulnerable

The vulnerabilities were discovered by two security researchers, Adam Nichols from GRIMM and d4rkn3ss from the Internet service provider VNPT.


Nichols found that the vulnerability affects 758 different firmware versions running on 79 Netgear routers. The affected firmware dates back to 2007.

According to the reports, the vulnerability resides in the HTTPD service, which listens on TCP port 80 by default. The issue is due to improper validation of "user-supplied data before copying it to a fixed-length, stack-based buffer."

The vulnerability allows attackers to execute arbitrary code on vulnerable devices as the root user. No authentication is required to exploit it.

Adam Nichols analyzed the vulnerability in Netgear R7000 firmware version 1.0.9.88 and used binwalk to extract the root filesystem from the firmware image.

The vulnerability is exploitable only in these older builds; in modern software it would typically be unexploitable, because modern software usually contains stack cookies.
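The bug class the report describes (user-supplied data copied into a fixed-length, stack-based buffer without a length check) beside a bounded version, as an added illustration in C. This is a hypothetical request-parameter handler written for this page, not code from GRIMM's analysis or from Netgear's HTTPD; the 64-byte buffer size and the function names are assumptions.

```c
/* Added example (not Netgear or GRIMM code): a hypothetical HTTPD request
 * parameter handler showing the unchecked-copy bug class beside a bounded
 * version. BUF_SIZE is an assumed value. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* fixed-length, stack-based buffer */

/* Vulnerable pattern: user-controlled bytes are copied into a fixed stack
 * buffer with no length check. Input of BUF_SIZE bytes or more overwrites
 * whatever sits above the buffer on the stack; without a stack cookie
 * (canary) nothing detects the corruption before the function returns.
 * Returns the length copied. Only ever call this with input shorter than
 * BUF_SIZE. */
int handle_param_vulnerable(const char *user_data) {
    char buf[BUF_SIZE];
    strcpy(buf, user_data);          /* BUG: no bound on user_data */
    return (int)strlen(buf);
}

/* Hardened pattern: establish that a terminator exists within the buffer
 * limit before copying anything, and copy with an explicit length. Over-long
 * input is refused (a real server would answer HTTP 400), so the stack buffer
 * can never be overrun regardless of what the client sends. Returns the
 * length accepted, or -1 if the input was rejected. */
int handle_param_hardened(const char *user_data) {
    char buf[BUF_SIZE];
    const char *nul = memchr(user_data, '\0', BUF_SIZE);  /* scan at most BUF_SIZE bytes */
    if (nul == NULL) {
        return -1;                   /* no terminator within the limit: too long */
    }
    size_t len = (size_t)(nul - user_data);   /* always <= BUF_SIZE - 1 */
    memcpy(buf, user_data, len + 1);          /* includes the terminator */
    return (int)strlen(buf);
}

int main(void) {
    /* Constructed over-long input: BUF_SIZE + 15 'A' bytes plus a terminator. */
    char long_input[BUF_SIZE + 16];
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("short input, hardened: %d\n", handle_param_hardened("admin"));   /* 5 */
    printf("long input, hardened: %d\n", handle_param_hardened(long_input)); /* -1 */
    return 0;
}
```

The hardened version never reads or writes beyond BUF_SIZE bytes: memchr stops at the limit, and the copy length is derived from where the terminator was found rather than from the client's claim. Stack cookies would turn the vulnerable version's overflow into a crash rather than code execution, which is the mitigation the article notes these builds lack.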

The researchers also developed an exploit that works as a CSRF attack: "If a user with a vulnerable router browses to a malicious website, that website could exploit the user's router."

Routers and modems are important security boundaries that prevent attacks from directly exploiting the computers in a network.
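One defence against the cross-site path quoted above is for the router's web server to refuse state-changing requests whose Origin header (or, failing that, Referer) does not name the router itself, since a request triggered by a third-party page carries that page's origin. The check below is an added example written for this page, not Netgear's code; the function name csrf_request_allowed and the LAN address 192.168.1.1 are assumptions.

```c
/* Added example (not Netgear code): a hypothetical origin check for an
 * embedded router web UI, refusing state-changing requests that a
 * third-party page caused the browser to send. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Returns true only if the browser-supplied Origin header (or, when Origin
 * is absent, Referer) names router_host exactly. A request forged by a
 * malicious site carries that site's origin and is refused. A request with
 * neither header is refused as well: browsers attach Origin to cross-site
 * POSTs, so a state-changing request without either cannot be attributed to
 * the router's own pages. */
bool csrf_request_allowed(const char *router_host, const char *origin, const char *referer) {
    const char *src = origin ? origin : referer;
    if (src == NULL) {
        return false;
    }
    /* Only http:// and https:// sources are considered. */
    if (strncmp(src, "http://", 7) == 0) {
        src += 7;
    } else if (strncmp(src, "https://", 8) == 0) {
        src += 8;
    } else {
        return false;
    }
    /* The host must match in full: "192.168.1.100" must not pass as "192.168.1.1". */
    size_t n = strlen(router_host);
    if (strncmp(src, router_host, n) != 0) {
        return false;
    }
    char next = src[n];
    return next == '\0' || next == '/' || next == ':';
}

int main(void) {
    const char *router = "192.168.1.1";   /* assumed LAN address of the router */
    printf("own UI: %d\n", csrf_request_allowed(router, "http://192.168.1.1", NULL));                 /* 1 */
    printf("third-party page: %d\n", csrf_request_allowed(router, "http://other-site.example", NULL)); /* 0 */
    printf("no headers: %d\n", csrf_request_allowed(router, NULL, NULL));                              /* 0 */
    return 0;
}
```

The check only narrows which pages may drive the UI; it does not close the overflow itself, which still needs the bounded copy in the request handler. An anti-CSRF token per session would be the stronger complement.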

Affected router models:

AC1450, D6220, D6300, D6400, D7000v2, D8500, DC112A, DGN2200, DGN2200v4, DGN2200M, DGND3700,
EX3700, EX3800, EX3920, EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX6920, EX7000,
LG2200D, MBM621, MBR624GU, MBR1200, MBR1515, MBR1516, MBRN3000, MVBR1210C,
R4500, R6200, R6200v2, R6250, R6300, R6300v2, R6400, R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7100LG, R7300, R7850, R7900, R8000, R8300, R8500, RS400,
WGR614v8, WGR614v9, WGR614v10, WGT624v4, WN2500RP, WN2500RPv2, WN3000RP, WN3100RP, WN3500RP, WNCE3001, WNDR3300, WNDR3300v2, WNDR3400, WNDR3400v2, WNDR3400v3, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR834Bv2, WNR1000v3, WNR2000v2, WNR3500, WNR3500v2, WNR3500L, WNR3500Lv2, XR300


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
