Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Flaw in Netgear Routers Exposes Administrator Password: Researcher

A security flaw affecting several Netgear Wi-Fi router models can be exploited to gain access to various pieces of information, including the administrator password, a researcher has warned.

A security flaw affecting several Netgear Wi-Fi router models can be exploited to gain access to various pieces of information, including the administrator password, a researcher has warned.

According to Peter Adkins, the vulnerability has been successfully reproduced on Netgear WNDR3700v4, WNDR3700v2, WNDR3700v1 WNR2200 and WNR2500. The flaw could also impact Netgear WNDR3800, WNDRMAC, WPN824N, WNDR4700 and possibly other models.Netgear router administrator password exposed

The issue is related to a Simple Object Access Protocol (SOAP) service that is embedded in some Netgear devices for use with Netgear Genie, an application that allows users to monitor and control their home network from a PC, Mac, smartphone or tablet. Genie can be used to view and configure WLAN credentials and SSIDs, connected clients, and parental controls.

“At first glance, this service appears to be filtered and authenticated; HTTP requests with a `SOAPAction` header set but without a session identifier will yield a HTTP 401 error. However, a HTTP request with a blank form and a `SOAPAction` header is sufficient to execute certain requests and query information from the device,” Adkins explained.

“As this SOAP service is implemented by the built-in HTTP / CGI daemon, unauthenticated queries will also be answered over the internet if remote management has been enabled on the device. As a result, affected devices can be interrogated and hijacked with as little as a well placed HTTP query,” he added.

The researcher has published technical details and a proof-of-concept which demonstrates how an attacker could leverage the vulnerability to obtain the administrator password, WLAN details, the device’s serial number, and information on the clients connected to the router.

Netgear was notified in mid-January through the company’s support channel. However, the support ticket was closed at the end of January without any action being taken. The Mitre Corporation, the organization in charge of Common Vulnerabilities and Exposures (CVE) identifiers, has also been notified, but a CVE has not yet been assigned to this issue.

“Netgear takes customer security seriously,” Netgear told SecurityWeek in an emailed statement. “As we investigate this alleged security vulnerability, we encourage our customers to make sure Wi-Fi security is turned on (this is the default setting on our routers & gateways) to prevent unauthorized devices from joining your network and to be sure remote management is turned off (this is also off by default) to prevent unauthorized devices from accessing your network from the WAN.”

Adkins also advises users to disable remote/WAN management on affected routers, and ensure that only trusted devices are allowed to access the local network.

Advertisement. Scroll to continue reading.

It’s not uncommon for researchers to identify security issues in routers. Last year, vulnerabilities were found in devices from Asus, Belkin, Netis, and Cisco. In December, Check Point reported identifying a flaw that affected millions of small office and home (SOHO) routers.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

The City of Phoenix has promoted Mitch Kohlbecker to the role of Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.