Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details

Posted by timothy on from the oops-and-darnit dept.

An anonymous reader writes A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here's the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.

18 of 57 comments (clear)

  1. Why would any novice by invictusvoyd · · Score: 5, Informative

    want to "remote manage" their home router ? it's inherently dangerous . Someday we'll have a hardened DD-WRT for all major routers , easy enough to be used by anyone. Most of the firmware shipped by manufacturers is closed and is generally of low quality.

    1. Re:Why would any novice by drinkypoo · · Score: 3, Informative

      isn't it easy enough to use dd-wrt or openwrt? I find the hard part to be installing it, if like me you try to install on random yard sale routers. I have a high success rate, but it has wasted a lot of time

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Why would any novice by imatter · · Score: 2

      This is exactly what a novice might want to do, because they don't fully understand it.

    3. Re:Why would any novice by courtarro · · Score: 5, Interesting

      I love DD-WRT and have used it for years, but I get the impression it's a fragile project. The bulk of the work seems to rest on the shoulders of one or two people who only have so much time. I have always preferred Netgear's hardware with DD-WRT on top of it, but Netgear's latest product line (which has a TON of different router models ... way too many, IMO) has only partial support from the DD-WRT project. Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

      I really wish Netgear would just give up on Genie and pay DD-WRT to support development and license it as their official firmware. Rebrand it or something if you want, but give us the power of a real firmware. I've used Genie lately on the R6100 and found quite frustrating for anything fancier than a typical home wifi router use case. Security bugs like this only prove that they're failing to get it right on their own.

      It makes sense that Cisco doesn't want their Linksys-branded routers to be too powerful, since it might hurt sales of fancier Cisco stuff, but what's Netgear's excuse?

    4. Re:Why would any novice by cant_get_a_good_nick · · Score: 2

      The second you say "firmware" or even worse "tftp" you've lost +99.9% of people out there.

    5. Re:Why would any novice by adolf · · Score: 5, Interesting

      DD-WRT seems so splintered: A million different builds, of a million different versions, for a million different things.

      For comparison, Tomato is more monolithic. When a new version is prepared for release, all of the different builds are updated to that version. The builds themselves are genericized as much as possible: All old Broadcom-based MIPS routers (think WRT54G) get the MIPSR1 release, for instance.

      For everything else, there's OpenWRT.

      For my own purposes, I'm sticking with Asus routers. It seems like solid kit, and they sell the same hardware for years and years without the sneakiness that Linksys and Netgear do with routinely completely changing the underlying hardware while keeping the same model number.

      (Oh, and Belkin has owned Linksys for almost 2 years now.)

      --
      Kid-proof tablet..
    6. Re:Why would any novice by afidel · · Score: 2

      The fact is since this is a web vulnerability it will be exploited by XSS attacks from compromised ad networks and also will be included in many exploit kits, you won't have to have remote management enabled for this to be exploited, it will just make it slightly more difficult if you don't.

      As to DD-WRT, if they supported the OpenDNS family settings with bypass accounts like the stock firmware I'd consider it, but for me it's a killer feature, and MAC based exceptions aren't an answer because we have shared PC's that may be used by both the kids and adults.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    7. Re:Why would any novice by Que_Ball · · Score: 2, Interesting

      Lots of love.

      But the company has not done themselves any favours in their choices of distribution channels.

      If they want more penetration they need to start pushing product into the mass market distributors like Ingram Micro, Synnex, Tech Data, and D&H.  These are who most of the retailers do 99% of their purchasing through.  That is who they have integrated their point of sale systems with to populate their web stores, and do EDI for inventory management so that's who they tend to deal with when some customer comes and asks for a new product they don't stock yet.  If they have to go push a bunch of paper to get a new distributor account setup it better be a good sized deal.

      So far I just see Ubiquiti dealing with the specialist distributors who deal with wireless radio specialities.  That's not going to get their access points on the shelves of your local computer dealer or the small and medium sized consulting companies who tend to run the IT departments of small businesses where their products really do fit well.

      Ubiquiti is doing a bad job of targeting their channel market from what I can tell.  They are designing a product that does away with the complexity of enterprise level equivilants.  They don't need dedicated controllers sitting in an enterprise datacentre to run the stuff, but they give a small business many of the same benefits that the enterprise guys sell at a half of the enterprise price premium but the small businesses that really need that stuff are services by local computer stores and small consultants who are not always wireless specialists.  They are generalists and they deal with the mass market distributors where they can get 99% of their needs filled.  So yeah, they buy the Netgear access point or the Asus wireless router that's in stock and they make due with the consumer grade equipment, consumer grade power supply, and get on with it.

    8. Re:Why would any novice by Coren22 · · Score: 2

      I just received two of their APs over the weekend. Unfortunately, one of them fried somehow and won't come on the network anymore. Any idea how I go about getting support? I suppose I could return to Amazon, but I don't feel like that would be appropriate as I do want a replacement, not just a return (as Amazon seems to assume).

      The other AP works perfectly, and was immediately able to replace one of the Netgear routers I was using that never did the job correctly.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    9. Re:Why would any novice by tlhIngan · · Score: 3, Informative

      Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

      Well, the R7000 and R8000 are "open routers" per Netgear. The R7500... not so much.

      In fact, the R8000 has a DD-WRT port. As does the R7000.

      And while it takes a bit of hunting, Netgear's source code firmware for those are available as well. (Well, most of it, given the amount of proprietary drivers that are binary only).

      MyOpenRouter is usually where I go first when deciding if there's a particular Netgear router I want. (Netgear runs the site as a central place for all their "open" routers and alternative firmware. At least the routers they officially support as being "open").

    10. Re: Why would any novice by omnichad · · Score: 2

      OK - to be fair, while the WRT54G line was in production, I only used those. Never used anything else until they were done. Once the antenna was built-in rather than user-replaceable was the beginning of the end.

      I did own a BEFSR41 before that and that was garbage, but I don't think I had even heard of DD-WRT then.

      I've moved on to Asus (and Tomato) for now.

  2. Default password by jfdavis668 · · Score: 5, Insightful

    I am always amazed at the number of times I have logged into wifi access points with the default admin password. I have actually logged in and fixed businesses configuration errors. If we can't even get people to change the password, all the rest of the security is useless.

  3. Is that what /. is using? by XxtraLarGe · · Score: 2

    Did you guys get hacked or what? It seems like this site has been down as much as it has been up lately...

    --
    Taking guns away from the 99% gives the 1% 100% of the power.
    1. Re:Is that what /. is using? by nightsky30 · · Score: 2

      Did you guys get hacked or what? It seems like this site has been down as much as it has been up lately...

      They went to get something to replace the NETGEAR. They'll be back from Walmart shortly.

  4. Assume all proprietary router software compromised by anwyn · · Score: 2, Insightful
    Once and for all: all proprietary router software must be assumed to be compromised. The NSA has been totally committed to ruthless information warfare against the population of the planet. There is no way a corporation can resist them. They consider themselves totally above the law.

    Do not buy a router unless OPENWRT supports it.

    Always overwrite what ever firmware came with the router with a new install of free software.

    The days when Joe Sixpack can just buy a router an plug it in are over! You must do this.

    Security experts need to take a close at uboot software commonly used to install alternate firmware. And check if NSA has hacked that up as well.

  5. Re:Assume all proprietary router software compromi by wierd_w · · Score: 3, Interesting

    Most consumer device deployments of uboot have a short (3 second) window in which they look for a tftp server broadcasting an update. This is very useful for developers of openwrt and pals, because it allows them to push a test image to the device's memory and boot on it.

    However, it could also be used as an attack vector against home grade routers, if the NSA had a REALLY invested interest in you. Orchestrating a system reboot of your open firmware back to uboot (say, by causing a severe memory corruption event or something similar which panics the kernel-- maybe a hidden function in the LAN asic perhaps) followed by tftp of a new compromised image using say, a compromised windows workstation in the target network to do the serving.

    You would have to completely replace the stock uboot on such routers to remove the small 3 second window.

  6. Firmware not a priority to dollars by Anonymous Coward · · Score: 2, Interesting

    I think most consumer grade routers are more inclined to be designed for simplicity of setup then security. Even today, a lot of tech challenged consumers find setting up a router challenging. But most router makers at least default to a secure wireless connection. Although plenty of end users never bother to change the Administrative password. Unfortunately security is not just about device makers taking steps. But rather the end user becoming smarter about how they should protect themselves. I think consumers have used the tactic of just adding another weak layer of software security in the form of a firewall or a Anti Virus program.
    This most likely helps a singular device, but does nothing to help that big open door called the internet which is always on. I don't think people realize how that always on access can mean a lot of access to someone like a hacker.

  7. Re:What about Apple? by fisted · · Score: 2

    They probably aren't relevant (as in widespread) enough to be of real interest.

    --
    CLI paste? paste.pr0.tips!