We have been working with the security analysts to evaluate the vulnerability." The company added that firmware fixes are available for the majority of the affected devices and that users should follow the advised workaround for routers for which final updates are still pending. In an emailed statement, Netgear said, "This is not a new or recent development. "The real number of affected devices is probably in the hundreds of thousands, if not over a million." "We have found more than ten thousand vulnerable devices that are remotely accessible," Kenin said.
There are also cross-site request forgery (CSRF) attacks that can hijack a user's browser when visiting a specially crafted web page and use it to send malicious requests to a router over the local area network. People also routinely share their home Wi-Fi passwords with friends and family members who can bring compromised computers or smart phones into their networks. If vulnerable routers are used to provide wireless internet access in a public space like a library, a bar or a restaurant, anyone connecting to those networks can compromise them. However, this doesn't mean that routers whose web interfaces can only be accessed over the local area network - the default setting - are not at risk. By obtaining admin credentials, attackers can, at the very least, change a router's DNS server settings to redirect users to malicious websites. Routers that are configured for remote administration over the internet are directly vulnerable to attacks that exploit this flaw.
#NETGEAR R8500 NOT CONNECTING PASSWORD#
The exploit works only when password recovery is disabled, which is the default setting. The company's workaround for routers that don't yet have patched firmware versions involves logging into their management interfaces and enabling the Password Recovery feature on the ADVANCED > Administration > Set Password page. Kenin claims that he reported the vulnerability to Netgear in early April and the company put out an advisory in June, along with patched firmware for "a small subset of vulnerable routers." Firmware fixes are now available for 20 models. When I tested both bugs on different NETGEAR models, I found that my second bug works on a much wider range of models." "This is a totally new bug that I haven't seen anywhere else. "After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send," Kenin said in a blog post Monday. The researcher decided to write a script to automate the exploit so that other people could test their own router models, but due to a programming error the script didn't pass the correct token to passwordrecovered.cgi. Last year, Kenin came across this old exploit when he wanted to break into his own router - a different Netgear model - and realized that it worked. Neither of them required authentication to access.
The exploit involved passing a numerical token obtained from one script called unauth.cgi to another called passwordrecovered.cgi. In January 2014, a researcher found that he could trick the web-based management interface of Netgear WNR1000v3 routers to disclose the admin's password.
0 kommentar(er)
