Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details

Posted by timothy on from the oops-and-darnit dept.

An anonymous reader writes A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here's the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.

7 of 57 comments (clear)

  1. Why would any novice by invictusvoyd · · Score: 5, Informative

    want to "remote manage" their home router ? it's inherently dangerous . Someday we'll have a hardened DD-WRT for all major routers , easy enough to be used by anyone. Most of the firmware shipped by manufacturers is closed and is generally of low quality.

    1. Re:Why would any novice by drinkypoo · · Score: 3, Informative

      isn't it easy enough to use dd-wrt or openwrt? I find the hard part to be installing it, if like me you try to install on random yard sale routers. I have a high success rate, but it has wasted a lot of time

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Why would any novice by courtarro · · Score: 5, Interesting

      I love DD-WRT and have used it for years, but I get the impression it's a fragile project. The bulk of the work seems to rest on the shoulders of one or two people who only have so much time. I have always preferred Netgear's hardware with DD-WRT on top of it, but Netgear's latest product line (which has a TON of different router models ... way too many, IMO) has only partial support from the DD-WRT project. Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

      I really wish Netgear would just give up on Genie and pay DD-WRT to support development and license it as their official firmware. Rebrand it or something if you want, but give us the power of a real firmware. I've used Genie lately on the R6100 and found quite frustrating for anything fancier than a typical home wifi router use case. Security bugs like this only prove that they're failing to get it right on their own.

      It makes sense that Cisco doesn't want their Linksys-branded routers to be too powerful, since it might hurt sales of fancier Cisco stuff, but what's Netgear's excuse?

    3. Re:Why would any novice by adolf · · Score: 5, Interesting

      DD-WRT seems so splintered: A million different builds, of a million different versions, for a million different things.

      For comparison, Tomato is more monolithic. When a new version is prepared for release, all of the different builds are updated to that version. The builds themselves are genericized as much as possible: All old Broadcom-based MIPS routers (think WRT54G) get the MIPSR1 release, for instance.

      For everything else, there's OpenWRT.

      For my own purposes, I'm sticking with Asus routers. It seems like solid kit, and they sell the same hardware for years and years without the sneakiness that Linksys and Netgear do with routinely completely changing the underlying hardware while keeping the same model number.

      (Oh, and Belkin has owned Linksys for almost 2 years now.)

      --
      Kid-proof tablet..
    4. Re:Why would any novice by tlhIngan · · Score: 3, Informative

      Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

      Well, the R7000 and R8000 are "open routers" per Netgear. The R7500... not so much.

      In fact, the R8000 has a DD-WRT port. As does the R7000.

      And while it takes a bit of hunting, Netgear's source code firmware for those are available as well. (Well, most of it, given the amount of proprietary drivers that are binary only).

      MyOpenRouter is usually where I go first when deciding if there's a particular Netgear router I want. (Netgear runs the site as a central place for all their "open" routers and alternative firmware. At least the routers they officially support as being "open").

  2. Default password by jfdavis668 · · Score: 5, Insightful

    I am always amazed at the number of times I have logged into wifi access points with the default admin password. I have actually logged in and fixed businesses configuration errors. If we can't even get people to change the password, all the rest of the security is useless.

  3. Re:Assume all proprietary router software compromi by wierd_w · · Score: 3, Interesting

    Most consumer device deployments of uboot have a short (3 second) window in which they look for a tftp server broadcasting an update. This is very useful for developers of openwrt and pals, because it allows them to push a test image to the device's memory and boot on it.

    However, it could also be used as an attack vector against home grade routers, if the NSA had a REALLY invested interest in you. Orchestrating a system reboot of your open firmware back to uboot (say, by causing a severe memory corruption event or something similar which panics the kernel-- maybe a hidden function in the LAN asic perhaps) followed by tftp of a new compromised image using say, a compromised windows workstation in the target network to do the serving.

    You would have to completely replace the stock uboot on such routers to remove the small 3 second window.