Disclosed Netgear Flaws Under Attack (threatpost.com)

Posted by Soulskill on Friday October 9, 2015 @10:44AM from the if-only-router-firmware-was-heavily-regulated dept.

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300-1.1.0.28_1.0.1.img. The flaw allows an attacker, without knowing the router password, to access the administration interface.

2 of 17 comments (clear)

Min score:

Reason:

Sort:

Re:no profit in patches by KGIII · 2015-10-09 11:30 · Score: 5, Insightful

Don't worry. The FCC is hard at work making sure that you'll never have the chance to fix this on your own.

--
"So long and thanks for all the fish."
Re:Immediately flash all routers! by Runaway1956 · 2015-10-09 13:16 · Score: 3, Insightful

You do realize that Tomato does much the same thing as *WRT? In some cases, for some people, Tomato might be a better choice, depending on what they are trying to do. But, yes, I agree with you. Why buy any box, mini or otherwise, if you can't control it?

--
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br