Netgear exploit found in 31 models lets hackers turn your router into a botnet

[Disassembled 249]

Netgear exploit found in 31 models lets hackers turn your router into a botnet

You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk.

Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router’s password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings.

What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks.

Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.

While the remote management feature is disabled by default in most devices, the firm has found more than 10 thousand affected routers, but the actual number could be “over a million.”

Kenin further warns that anyone with physical access to faulty Netgear routers can abuse their defensive mechanisms to obtain access to the device, including the ability to turn routers into botnets.

“The vulnerability can be used by a remote attacker if remote administration is set to be internet facing. By default this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally,” the researcher said. “This would include public wifi spaces like cafés and libraries using vulnerable equipment.”

Trustwave has since reported the hole to the National Vulenrability Database. Netgear has also confirmed the flaw in a post on its website, releasing a full list of the affected models:


    R8500
    R8300
    R7000
    R6400
    R7300DST
    R7100LG
    R6300v2
    WNDR3400v3
    WNR3500Lv2
    R6250
    R6700
    R6900
    R8000
    R7900
    WNDR4500v2
    R6200v2
    WNDR3400v2
    D6220
    D6400
    C6300 (firmware released to ISPs)

In case you own one of the listed routers, you’re strongly advised to update the firmware of your device in order to avoid risking getting hacked. Netgear has already posted the updated firmware on its website.

This vulnerability marks a second blunder for the popular router-maker in a window of less than two months.

Back in December, the US Computer Emergency Readiness Team warned users against using Netgear R7000 and R6400 routers after discovering another high-profile flaw in the devices.