Researchers discovered unpatched zero-day vulnerability with 79 Netgear routers that allow attackers to take control over the device remotely.
The flaw allows attackers to run arbitrary code as “root” user and to take full control over the device remotely.
79 Netgear Routers Models Vulnerable
The vulnerabilities were discovered by two security researchers Adam Nichols from GRIMM and d4rkn3ss from Internet service provide VNPT.
Nicholas discovered that vulnerability could affect 758 different firmware versions that run on 79 Netgear routers. The firmware is released back in 2007.
According to the reports, the vulnerability resides HTTPD service that listens on TCP port 80 by default. The issue is due to improper validation of “user-supplied data before copying it to a fixed-length, stack-based buffer.”
The vulnerability allows hackers to execute arbitrary code on vulnerable devices as a root user. Authentication is not required to exploit this vulnerability.
Adam Nichols analyzed the vulnerability Netgear R7000 version 1.0.9.88 firmware and used the binwalk to extract the root filesystem from the firmware image.
The vulnerability can be exploitable only with the older versions, in modern software this vulnerability would be unexploitable as the modern software typically contains stack cookies.
Researchers also developed an exploit that served as a CSRF attack, “If a user with a vulnerable router browses to a malicious website, that website could exploit the user’s router.”
Routers and modems are the important security borders that prevent attacks from directly exploiting the computers in a network.
Affected router models;
| AC1450 | MBR1516 | WGR614v9 |
| D6220 | MBRN3000 | WGR614v10 |
| D6300 | MVBR1210C | WGT624v4 |
| D6400 | R4500 | WN2500RP |
| D7000v2 | R6200 | WN2500RPv2 |
| D8500 | R6200v2 | WN3000RP |
| DC112A | R6250 | WN3100RP |
| DGN2200 | R6300 | WN3500RP |
| DGN2200v4 | R6300v2 | WNCE3001 |
| DGN2200M | R6400 | WNDR3300 |
| DGND3700 | R6400v2 | WNDR3300v2 |
| EX3700 | R6700 | WNDR3400 |
| EX3800 | R6700v3 | WNDR3400v2 |
| EX3920 | R6900 | WNDR3400v3 |
| EX6000 | R6900P | WNDR3700v3 |
| EX6100 | R7000 | WNDR4000 |
| EX6120 | R7000P | WNDR4500 |
| EX6130 | R7100LG | WNDR4500v2 |
| EX6150 | R7300 | WNR834Bv2 |
| EX6200 | R7850 | WNR1000v3 |
| EX6920 | R7900 | WNR2000v2 |
| EX7000 | R8000 | WNR3500 |
| LG2200D | R8300 | WNR3500v2 |
| MBM621 | R8500 | WNR3500L |
| MBR624GU | RS400 | WNR3500Lv2 |
| MBR1200 | WGR614v8 | XR300 |
| MBR1515 |
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read
