
Flaw in Netgear Routers Exposes Administrator Password: Researcher

A security flaw affecting several Netgear Wi-Fi router models can be exploited to gain access to various pieces of information, including the administrator password, a researcher has warned.


According to Peter Adkins, the vulnerability has been successfully reproduced on Netgear WNDR3700v4, WNDR3700v2, WNDR3700v1, WNR2200 and WNR2500. The flaw could also impact Netgear WNDR3800, WNDRMAC, WPN824N, WNDR4700 and possibly other models.

The issue is related to a Simple Object Access Protocol (SOAP) service that is embedded in some Netgear devices for use with Netgear Genie, an application that allows users to monitor and control their home network from a PC, Mac, smartphone or tablet. Genie can be used to view and configure WLAN credentials and SSIDs, connected clients, and parental controls.

“At first glance, this service appears to be filtered and authenticated; HTTP requests with a `SOAPAction` header set but without a session identifier will yield a HTTP 401 error. However, a HTTP request with a blank form and a `SOAPAction` header is sufficient to execute certain requests and query information from the device,” Adkins explained.

“As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query,” he added.
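The behaviour Adkins describes gives defenders a simple signal: a request that carries a `SOAPAction` header and no session identifier, yet is not answered with HTTP 401. The following added example (not from the researcher or Netgear) applies that check to constructed transaction records; the record fields, the LAN subnet, the use of a `Cookie` header as the session identifier and the placeholder `SOAPAction` value are all assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet
SESSION_HEADER = "cookie"                      # assumed carrier of the session identifier

def _req(body="", session=False):
    """Build a constructed raw HTTP request; the SOAPAction value is a placeholder."""
    lines = ["POST / HTTP/1.1", "Host: router.example",
             "SOAPAction: urn:example:placeholder#Action"]
    if session:
        lines.append("Cookie: session=constructed")
    return "\r\n".join(lines) + "\r\n\r\n" + body

# Constructed transactions, as a network sensor in front of the router might record them.
SAMPLE = [
    {"src": "192.168.1.20", "status": 401, "request": _req("<Envelope/>")},
    {"src": "192.168.1.20", "status": 200, "request": _req("<Envelope/>", session=True)},
    {"src": "192.168.1.33", "status": 200, "request": _req("")},
    {"src": "203.0.113.7", "status": 200, "request": _req("")},
]

def parse_request(raw):
    """Split a raw request into a lower-cased header dict and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def classify(tx):
    """Return a finding for a session-less SOAPAction request that was not rejected."""
    headers, body = parse_request(tx["request"])
    if "soapaction" not in headers or SESSION_HEADER in headers:
        return None                            # not a SOAP call, or it carries a session
    if tx["status"] == 401:
        return None                            # rejected, as the service is meant to do
    origin = "lan" if ipaddress.ip_address(tx["src"]) in LAN else "wan"
    return {"src": tx["src"], "origin": origin,
            "blank_body": body.strip() == "", "status": tx["status"]}

def find_unauthenticated_soap(transactions):
    """Collect findings; a 'wan' origin also means remote management is reachable."""
    return [f for f in map(classify, transactions) if f]

if __name__ == "__main__":
    for finding in find_unauthenticated_soap(SAMPLE):
        print(finding)
```

A finding with origin `wan` indicates that remote management is exposed, which is the setting both Netgear and Adkins advise turning off.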

The researcher has published technical details and a proof-of-concept which demonstrates how an attacker could leverage the vulnerability to obtain the administrator password, WLAN details, the device’s serial number, and information on the clients connected to the router.

Netgear was notified in mid-January through the company’s support channel. However, the support ticket was closed at the end of January without any action being taken. The Mitre Corporation, the organization in charge of Common Vulnerabilities and Exposures (CVE) identifiers, has also been notified, but a CVE has not yet been assigned to this issue.

“Netgear takes customer security seriously,” Netgear told SecurityWeek in an emailed statement. “As we investigate this alleged security vulnerability, we encourage our customers to make sure Wi-Fi security is turned on (this is the default setting on our routers & gateways) to prevent unauthorized devices from joining your network and to be sure remote management is turned off (this is also off by default) to prevent unauthorized devices from accessing your network from the WAN.”

Adkins also advises users to disable remote/WAN management on affected routers, and ensure that only trusted devices are allowed to access the local network.

It’s not uncommon for researchers to identify security issues in routers. Last year, vulnerabilities were found in devices from Asus, Belkin, Netis, and Cisco. In December, Check Point reported identifying a flaw that affected millions of small office and home (SOHO) routers.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
