Slashdot Mirror


Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details

An anonymous reader writes: A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here's the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.


  1. Why would any novice by invictusvoyd · Score: 5, Informative

    want to "remote manage" their home router? It's inherently dangerous. Someday we'll have a hardened DD-WRT for all major routers, easy enough to be used by anyone. Most of the firmware shipped by manufacturers is closed and is generally of low quality.

    1. Re:Why would any novice by drinkypoo · Score: 3, Informative

      Isn't it easy enough to use dd-wrt or openwrt? I find the hard part to be installing it, if like me you try to install on random yard sale routers. I have a high success rate, but it has wasted a lot of time.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Why would any novice by tlhIngan · Score: 3, Informative

      Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

      Well, the R7000 and R8000 are "open routers" per Netgear. The R7500... not so much.

      In fact, the R8000 has a DD-WRT port. As does the R7000.

      And while it takes a bit of hunting, Netgear's source code firmware for those is available as well. (Well, most of it, given the amount of proprietary drivers that are binary only.)

      MyOpenRouter is usually where I go first when deciding if there's a particular Netgear router I want. (Netgear runs the site as a central place for all their "open" routers and alternative firmware. At least the routers they officially support as being "open").