Last week, Netgear released hotfixes for a network misconfiguration in Nighthawk RAX30 (AX2400) routers that could allow a remote attacker to gain unrestricted access to services otherwise intended for the local network.
The bug existed because the WAN interface of these devices had IPv6 enabled by default, but did not apply for IPv6 traffic access restrictions that were otherwise applied for IPv4 traffic.
Due to this misconfiguration, services running on the router that may be inadvertently listening via IPv6, including SSH and Telnet on ports 22 and 23, may be accessible from the internet.
“This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network,” cybersecurity firm Tenable says.
Security researchers with Tenable identified the issue while preparing an exploit chain for the Pwn2Own Toronto 2022 hacking competition taking place this week, but Netgear released the hotfix the day before the submission deadline, breaking the chain and rendering the exploit useless.
“Prior to the patch, an attacker could interact with these services from the WAN port. After patching, however, we can see that the appropriate ip6tables rules have been applied to prevent access. Additionally, IPv6 now appears disabled by default on newly configured devices,” Tenable explains.
The hotfix was included in RAX30 firmware version 184.108.40.206 and users are advised to update as soon as possible. According to Tenable, a manual check for the update is required as the device does not find updates beyond firmware version 220.127.116.11.
“Any consumers relying on the auto-update or ‘Check for Updates’ mechanisms of these devices are likely to remain vulnerable to this issue and any other issues teased over the coming days of Pwn2Own Toronto 2022,” Tenable notes.
The cybersecurity firm has refrained from providing further technical details on this vulnerability. In its advisory, Netgear only says that the hotfix patches security vulnerabilities.
According to Tenable, others who have signed up for Pwn2Own were also affected by Netgear’s patch.