Microsoft has recently discovered critical firmware vulnerabilities in NETGEAR router models, the experts claimed that this vulnerability is acting as a stepping stone to move parallel within the networks of the enterprise.
Nowadays, there is a huge rise in firmware attacks and ransomware attacks through VPN devices and many other internet-facing systems. The experts have suggested some examples of attacks that have been instated outside and below the operating system.
These types of attacks are quite common and are befalling randomly, therefore every user must take a deep thought regarding the safety, even on the single-purpose software that administers their hardware like routers.
Getting and uncrating the firmware
After investigating the firmware, it was a simple .zip file that is bearing some release notes. On the other side, the firmware is running binwalk on the .chk file that has completed with the extraction of the filesystem.
The security analyst of Microsoft has claimed that the filesystem is a standard Linux root filesystem, that contains some secondary additions, and ot only that even they have also mentioned some of the appropriate filesystems, here they are:-
/www – contains html pages and .gif pictures
/usr/sbin – contains various custom binaries by NETGEAR, including HTTPd, FTPC, and others
Vulnerabilities in DGN-2200v1 routers
Using authentication bypass the router management pages are accessible: The researchers have found some code during the authentication bypass, the initial code is the first-page handling code that is present inside HTTPd.
This code involuntary allowed some pages like form.css or func.js, but the experts have asserted that there is no harm in allowing such pages.
Through cryptographic side-channel, acquiring the saved router credentials: During this stage, the experts still continue their investigation, but till now they get complete power over the router. Apart from this the experts came to know about a side-channel attack that can easily allow an attacker to get the correct credentials.
During the authentication of this page, HTTP basic authentication is needed. And the username and password would be enciphered as a base64 string that is carried to the HTTP header for final verification.
Fetching all the secrets saved in the device: In this stage, the experts try to recover the password and the user name which are managed by the router utilizing some other existing weaknesses. After trying some of the preliminary steps, the contents are DES-encrypted with a persistent key “NtgrBak”.
So, doing the above-mentioned procedure will eventually enable anyone to get the plaintext password remotely.
Download the patched firmware
The experts have mentioned some steps to download and install the patched firmware:-
- At first, go the NETGEAR Support.
- Then in the search box, you have to type your model number.
- Now you have to choose your model from the drop-down menu when it appears.
- Here you have to click the Downloads option.
- After the above step, under the Current Versions, you have to choose the download whose title starts with Firmware Version.
- Now once you have to click the Download option.
- Lastly, you have to follow the direction in your product’s user manual, firmware release notes, or product support page to install the latest firmware.
In 79 Netgear router models last year the researchers found a zero-day vulnerability, enabling the threat actors to gain full command of vulnerable devices remotely.