Slashdot Mirror


Netgear Exploit Found in 31 Models Lets Hackers Turn Your Router Into a Botnet (thenextweb.com)

An anonymous reader shares a report: You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk. Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks. Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.

3 of 57 comments

  1. The end of Netgear? by Futurepower(R) · · Score: 2, Informative

    My extensive post to a previous story about Netgear, hoping to help Netgear improve: The end of Netgear?

  2. Re:What you might want to do by bobbied · · Score: 5, Informative

    Is stop buying consumer grade WiFi routers that are poorly supported and get a plain access point and stick it behind a real router.

    Naw, as an owner of some really nice Cisco routers, stick with the consumer router at home unless you have time to learn how to configure it (or do Cisco work for a living). "Professional" gear isn't worth the trouble or cost for most of us. Not to mention that some of Cisco's offerings are really just their version of a consumer level device (that 500 series) and are pretty hard to configure for normal home use. You can do it (I managed) but it was painful to get all those video applications and games to work as expected.

    I do like your access point BEHIND the router as a separate device, but the security you get is really minimal.

    What you SHOULD do is buy hardware that is supported by DD-WRT or OpenWRT and erase the manufacturer's firmware at your first opportunity. If you really want to be secure, buy 2 and set up a DMZ network behind a firewall for all the consumer devices you cannot control (video players for Netflix, home automation devices, cable boxes, etc.) and put all your secure stuff behind another NATed subnet with a firewall.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  3. Re:What you might want to do by m0gely · · Score: 3, Informative

    You use Ubiquiti but haven't found a wired only solution? Looked at EdgeRouter? If your AP is UniFi then look at their USG. It's basically the same hardware as the EdgeRouter Lite but running the UniFi software.