Disclosed Netgear Flaws Under Attack (threatpost.com)
msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300-1.1.0.28_1.0.1.img. The flaw allows an attacker, without knowing the router password, to access the administration interface.
It is called an XXXSS exploit and it is widely documented here from Defcon 18:
https://www.youtube.com/watch?v=YDW7kobM6Ik
http://samy.pl/mapxss/
Basically, any webpage can inject an IFRAME src=https://192.168.1.1/BRS_netgear_success.html onload=malicious()
And manipulate your own INTRANET router against you.
They can also inject DCC CHAT command within the webpage and have you post those commands through IFRAME or AJAX ...HTML CRAP...IRC COMMAND...HTML CRAP...
and if your router is not patched and uses a fixed circular buffer, the router will do something like:
and say HEY, this poor user wants to do some IRC commands and I am blocking him, let's create a new rule to allow this automagically :D
and then it will execute that IRC command and open a hole in your Firewall for you, everyone loves mIRC, don't you?