Thursday, December 5, 2024
HomeVulnerabilityNETGEAR Routers Bug Let Attackers Compromise Network’s Security for Entire Organization

NETGEAR Routers Bug Let Attackers Compromise Network’s Security for Entire Organization

Published on

SIEM as a Service

Microsoft has recently discovered critical firmware vulnerabilities in NETGEAR router models, the experts claimed that this vulnerability is acting as a stepping stone to move parallel within the networks of the enterprise.

Nowadays, there is a huge rise in firmware attacks and ransomware attacks through VPN devices and many other internet-facing systems. The experts have suggested some examples of attacks that have been instated outside and below the operating system.

These types of attacks are quite common and are befalling randomly, therefore every user must take a deep thought regarding the safety, even on the single-purpose software that administers their hardware like routers. 

- Advertisement - SIEM as a Service

Getting and uncrating the firmware

After investigating the firmware, it was a simple .zip file that is bearing some release notes. On the other side, the firmware is running binwalk on the .chk file that has completed with the extraction of the filesystem.

The security analyst of Microsoft has claimed that the filesystem is a standard Linux root filesystem, that contains some secondary additions, and ot only that even they have also mentioned some of the appropriate filesystems, here they are:-

/www – contains html pages and .gif pictures

/usr/sbin – contains various custom binaries by NETGEAR, including HTTPd, FTPC, and others

Vulnerabilities in DGN-2200v1 routers

Using authentication bypass the router management pages are accessible: The researchers have found some code during the authentication bypass, the initial code is the first-page handling code that is present inside HTTPd.

This code involuntary allowed some pages like form.css or func.js, but the experts have asserted that there is no harm in allowing such pages.

Through cryptographic side-channel, acquiring the saved router credentials: During this stage, the experts still continue their investigation, but till now they get complete power over the router. Apart from this the experts came to know about a side-channel attack that can easily allow an attacker to get the correct credentials.

During the authentication of this page,  HTTP basic authentication is needed. And the username and password would be enciphered as a base64 string that is carried to the HTTP header for final verification.

Fetching all the secrets saved in the device: In this stage, the experts try to recover the password and the user name which are managed by the router utilizing some other existing weaknesses. After trying some of the preliminary steps, the contents are DES-encrypted with a persistent key “NtgrBak”.

So, doing the above-mentioned procedure will eventually enable anyone to get the plaintext password remotely.

Download the patched firmware

The experts have mentioned some steps to download and install the patched firmware:-

  • At first, go the NETGEAR Support.
  • Then in the search box, you have to type your model number.
  • Now you have to choose your model from the drop-down menu when it appears.
  • Here you have to click the Downloads option.
  • After the above step, under the Current Versions, you have to choose the download whose title starts with Firmware Version.
  • Now once you have to click the Download option.
  • Lastly, you have to follow the direction in your product’s user manual, firmware release notes, or product support page to install the latest firmware.

In 79 Netgear router models last year the researchers found a zero-day vulnerability, enabling the threat actors to gain full command of vulnerable devices remotely.

Also Read: Netgear JGS516PE Ethernet Switch Flaws let Attackers Execute Remote Code

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...