Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details

Posted by timothy on Tuesday February 17, 2015 @03:20AM from the oops-and-darnit dept.

An anonymous reader writes A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here's the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.

1 of 57 comments (clear)

Min score:

Reason:

Sort:

Why would any novice by invictusvoyd · 2015-02-17 03:26 · Score: 5, Informative

want to "remote manage" their home router ? it's inherently dangerous . Someday we'll have a hardened DD-WRT for all major routers , easy enough to be used by anyone. Most of the firmware shipped by manufacturers is closed and is generally of low quality.