Monday, December 4, 2023

NETGEAR Routers Bug Let Attackers Compromise Network’s Security for Entire Organization

Microsoft has recently discovered critical firmware vulnerabilities in NETGEAR router models. The experts say these vulnerabilities can act as a stepping stone for moving laterally within enterprise networks.

There has been a sharp rise in firmware attacks and in ransomware attacks through VPN devices and other internet-facing systems. The experts cite these as examples of attacks that are initiated outside and below the operating system.

Attacks of this type are now quite common and can hit any target, so every user must think carefully about security, even for the single-purpose software that runs their hardware, such as routers.

Obtaining and unpacking the firmware

The firmware download turned out to be a simple .zip file containing some release notes along with the firmware itself. Running binwalk on the .chk file extracted the filesystem.

The security analysts at Microsoft said that the filesystem is a standard Linux root filesystem with some minor additions, and they listed the relevant directories:

/www – contains html pages and .gif pictures

/usr/sbin – contains various custom binaries by NETGEAR, including HTTPd, FTPC, and others

Vulnerabilities in DGN-2200v1 routers

Accessing the router management pages using an authentication bypass: The researchers found the code responsible for the authentication bypass in the first page-handling code inside HTTPd.

This code automatically allowed certain pages, such as form.css or func.js, and the experts have asserted that there is no harm in allowing such pages.

Acquiring the saved router credentials through a cryptographic side channel: At this stage the experts continued their investigation, although by now they had complete control over the router. In addition, they identified a side-channel attack that can easily allow an attacker to obtain the correct credentials.

Authentication on this page uses HTTP basic authentication. The username and password are encoded as a base64 string that is carried in the HTTP header for final verification.
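The article does not say how the side channel arises. The following added example (not code from the article, Microsoft or NETGEAR) assumes the common case, a strcmp-style comparison that stops at the first mismatching byte, and contrasts it with a fixed-work check of a Basic authentication header. The function names, CRED_MAX and the sample credentials are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define CRED_MAX 64  /* assumed upper bound on "user:password" length */

/* strcmp-style early-exit equality. *examined records how many bytes were
   compared before returning: the quantity a timing side channel leaks. */
int early_exit_equal(const char *a, const char *b, size_t *examined) {
    for (size_t i = 0;; i++) {
        *examined = i + 1;
        if (a[i] != b[i]) return 0;
        if (a[i] == '\0') return 1;
    }
}

static int b64val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Decode base64 into a zero-filled buffer; returns length, or -1 on error. */
int b64_decode(const char *in, unsigned char out[CRED_MAX]) {
    unsigned acc = 0;
    int bits = 0, n = 0;
    memset(out, 0, CRED_MAX);
    for (; *in && *in != '='; in++) {
        int v = b64val((unsigned char)*in);
        if (v < 0 || n >= CRED_MAX) return -1;
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (acc >> bits) & 0xFF; }
    }
    return n;
}

/* Hardened check: every call compares all CRED_MAX bytes, so the work done
   does not depend on how much of the supplied credential is correct. */
int check_basic_auth(const char *header_value, const char *expected) {
    unsigned char got[CRED_MAX], want[CRED_MAX] = {0};
    size_t elen = strlen(expected);
    if (elen >= CRED_MAX || strncmp(header_value, "Basic ", 6) != 0) return 0;
    int n = b64_decode(header_value + 6, got);
    if (n < 0) return 0;
    memcpy(want, expected, elen);
    unsigned char diff = (unsigned char)((size_t)n != elen);
    for (size_t i = 0; i < CRED_MAX; i++) diff |= got[i] ^ want[i];
    return diff == 0;
}
```

With the early-exit version, a guess that shares a longer prefix with the stored credential causes more bytes to be examined; the hardened check does the same amount of work for every guess.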

Fetching all the secrets saved in the device: At this stage, the experts tried to recover the user name and password that the router uses by exploiting other existing weaknesses. After some preliminary steps, they found that the contents are DES-encrypted with a constant key, “NtgrBak”.

Carrying out the procedure described above will therefore eventually enable anyone to obtain the plaintext password remotely.

Download the patched firmware

The experts have listed the steps to download and install the patched firmware:

  • First, go to NETGEAR Support.
  • In the search box, type your model number.
  • Choose your model from the drop-down menu when it appears.
  • Click the Downloads option.
  • Under Current Versions, choose the download whose title starts with Firmware Version.
  • Click the Download option.
  • Lastly, follow the directions in your product’s user manual, firmware release notes, or product support page to install the latest firmware.

Last year, researchers found a zero-day vulnerability in 79 Netgear router models that enabled threat actors to gain full control of vulnerable devices remotely.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
