Multiple Netgear Router vulnerabilities discovered, might want to update your firmware.

[Jito463]

https://www.theregister.co.uk/2018/02/09/netgear_security_patches/

I'm surprised no one has posted about this, yet.

Quote

If you're using a Netgear router at home, it's time to get patching. The networking hardware maker has just released a tsunami of patches for a couple of dozen models of its kit.

 

The flaws were found by Martin Rakhmanov at infosec shop Trustwave, which has spent over a year hunting down programming gremlins in Netgear's firmware.

A group called Trustwave have been researching vulnerabilities in Netgear routers for the past year, and they've found several of them.  Multiple models are affected by various issues, ranging from password bypasses to the ability to run code with root access.

Quote

Some 17 Netgear routers have a remote authentication bypass. This means malware or miscreants that are on your network, or anyone else able to reach the device's web-based configuration interface, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo.

 

Another 17 Netgear routers – with some crossover with the above issue – have a similar bug, in that the genie_restoring.cgi script, provided by the box's built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.

 

Other models have less severe problems that still need patching just in case. For example, after pressing the Wi-Fi Protected Setup button, six of Netgear's routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.

 

[paddy-stone]

Thanks for the info. Wouldn't have known I HAD an updated firmware for mine if not.

[Zodiark1593]

My 10 year old router will probably get no update again.

[TetraSky]

Since I installed DD-WRT on mine, I'm assuming that I'm safe from any of these "netgear exclusive" vulnerabilities?
That and because it's old by now so I wouldn't expect an official update for it anyway.

 

Edit : Went and checked, I stand corrected, they literally released a firmware for it last week,"02/03/2018", wasn't expecting that. Some other companies would've just gave us the middle finger for such an old product, no longer being sold and way out of warranty by now.

[Jito463]

1 minute ago, TetraSky said:

Since I installed DD-WRT on mine, I'm assuming that I'm safe from any of these "netgear exclusive" vulnerabilities?

Correct, this only applies to the original firmwares from Netgear.  Third party firmware wouldn't be affected.

[acbluflame]

Between the delay/lack of communication for mitigating KRACK, and now this, I'll definitely be going Ubiquiti in the future.

[sof006]

I use Google Wifi in my home, so i'm good.

[Beskamir]

Yet another reason to use pfsense or dd-wrt.