Thursday, March 28, 2024

NETGEAR Routers Bug Let Attackers Compromise Network’s Security for Entire Organization

Microsoft has recently discovered critical firmware vulnerabilities in NETGEAR router models, the experts claimed that this vulnerability is acting as a stepping stone to move parallel within the networks of the enterprise.

Nowadays, there is a huge rise in firmware attacks and ransomware attacks through VPN devices and many other internet-facing systems. The experts have suggested some examples of attacks that have been instated outside and below the operating system.

These types of attacks are quite common and are befalling randomly, therefore every user must take a deep thought regarding the safety, even on the single-purpose software that administers their hardware like routers. 

Getting and uncrating the firmware

After investigating the firmware, it was a simple .zip file that is bearing some release notes. On the other side, the firmware is running binwalk on the .chk file that has completed with the extraction of the filesystem.

The security analyst of Microsoft has claimed that the filesystem is a standard Linux root filesystem, that contains some secondary additions, and ot only that even they have also mentioned some of the appropriate filesystems, here they are:-

/www – contains html pages and .gif pictures

/usr/sbin – contains various custom binaries by NETGEAR, including HTTPd, FTPC, and others

Vulnerabilities in DGN-2200v1 routers

Using authentication bypass the router management pages are accessible: The researchers have found some code during the authentication bypass, the initial code is the first-page handling code that is present inside HTTPd.

This code involuntary allowed some pages like form.css or func.js, but the experts have asserted that there is no harm in allowing such pages.

Through cryptographic side-channel, acquiring the saved router credentials: During this stage, the experts still continue their investigation, but till now they get complete power over the router. Apart from this the experts came to know about a side-channel attack that can easily allow an attacker to get the correct credentials.

During the authentication of this page,  HTTP basic authentication is needed. And the username and password would be enciphered as a base64 string that is carried to the HTTP header for final verification.

Fetching all the secrets saved in the device: In this stage, the experts try to recover the password and the user name which are managed by the router utilizing some other existing weaknesses. After trying some of the preliminary steps, the contents are DES-encrypted with a persistent key “NtgrBak”.

So, doing the above-mentioned procedure will eventually enable anyone to get the plaintext password remotely.

Download the patched firmware

The experts have mentioned some steps to download and install the patched firmware:-

  • At first, go the NETGEAR Support.
  • Then in the search box, you have to type your model number.
  • Now you have to choose your model from the drop-down menu when it appears.
  • Here you have to click the Downloads option.
  • After the above step, under the Current Versions, you have to choose the download whose title starts with Firmware Version.
  • Now once you have to click the Download option.
  • Lastly, you have to follow the direction in your product’s user manual, firmware release notes, or product support page to install the latest firmware.

In 79 Netgear router models last year the researchers found a zero-day vulnerability, enabling the threat actors to gain full command of vulnerable devices remotely.

Also Read: Netgear JGS516PE Ethernet Switch Flaws let Attackers Execute Remote Code

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles