Two cybersecurity researchers, Adam Nichols from GRIMM and d4rkn3ss from Vietnamese ISP VNPT, have discovered an unpatched zero-day flaw in 79 Netgear routers. The flaw allows hackers to take full control of the device. The two researchers disclosed the vulnerability independently and have already reported it to Netgear.
Soon after learning of the vulnerability, Netgear confirmed that a patch would arrive quickly. Because the vulnerability lies in how the router handles incoming data, an attacker can build a specially crafted string that executes commands on the router without requiring any authentication.
Exploit Development
According to the reports, the vulnerability affects nearly 758 different firmware versions that have shipped on 79 Netgear routers over the years, and some of those firmware versions run on devices released in 2007.
More importantly, the bug resides in the web server component included in the vulnerable Netgear router firmware. This web server runs the router's built-in administration panel. In total, 79 Netgear routers are affected by this vulnerability.
The vulnerable code runs before the Cross-Site Request Forgery (CSRF) token is verified. The exploit can therefore also be delivered through a CSRF attack: if a user behind an affected router browses to a malicious website, that website could exploit the user's router.
Netgear Routers Version Detection
Detecting the version is an essential part of exploiting the vulnerability, since the exploit has to remotely identify the model and version of the router being attacked.
An attacker does not need to fingerprint a device separately, because the exploit for this zero-day flaw can automatically determine the model and version of the targeted router.
Router models that are affected by this zero-day security flaw
A total of 79 router models are affected by this zero-day security flaw. They are listed below:
AC1450 MBR1516 WGR614v9
D6220 MBRN3000 WGR614v10
D6300 MVBR1210C WGT624v4
D6400 R4500 WN2500RP
D7000v2 R6200 WN2500RPv2
D8500 R6200v2 WN3000RP
DC112A R6250 WN3100RP
DGN2200 R6300 WN3500RP
DGN2200v4 R6300v2 WNCE3001
DGN2200M R6400 WNDR3300
DGND3700 R6400v2 WNDR3300v2
EX3700 R6700 WNDR3400
EX3920 R6900 WNDR3400v3
EX6000 R6900P WNDR3700v3
EX6100 R7000 WNDR4000
EX6120 R7000P WNDR4500
EX6130 R7100LG WNDR4500v2
EX6150 R7300 WNR834Bv2
EX6200 R7850 WNR1000v3
EX6920 R7900 WNR2000v2
EX7000 R8000 WNR3500
LG2200D R8300 WNR3500v2
MBM621 R8500 WNR3500L
MBR624GU RS400 WNR3500Lv2
MBR1200 WGR614v8 XR300
MBR1515
Routers are an essential security boundary that keeps attackers from directly exploiting the computers in a network.
However, weak code quality and inadequate analysis have left thousands of vulnerable SOHO devices exposed to the internet for over a decade.
NETGEAR Advisory:
NETGEAR's advisory says the company is working on additional hotfixes and final firmware fixes for all affected products.
The advisory also recommends turning off Remote Management: doing so on the router or gateway Web GUI significantly reduces the risk of exposure to these vulnerabilities.
You can discuss the issue further in this thread in the NETGEAR community, where users can get assistance on a more interactive basis.
“NETGEAR is committed to maintaining the security of our products and we monitor for both known and unknown threats, which includes being proactive to potential risks,” NETGEAR told Cyber Security News.