Netf33r

Written by: Damian Jennings
Date Posted: 16 February 2018
Category: Security

Got a Netgear router? Get patching.

Martin Rakhmanov, a researcher at Trustwave (an infosec outfit), has spent the last year of his life searching for cock ups in the firmware of loads of bits of Netgear gear.

Patch now
Surprisingly, the router retailer has already released software to patch the problems. You should install these patches as soon as possible to keep out Naughty People.

A massive 17 routers have a remote auth bypass bug. And it’s a real doozy. Anyone (or anything) that can get to your router’s web-based config can totally pwn you just by adding &genie=1 on the end of the URL. Yup, that easy. If that config page is reachable from the internet, it means anyone on the interwebs can do what they want to your box. Alter DNS, do redirects to phishing sites, malware, anything they want really. Even swop out every image for a picture of a cat.
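To check whether anyone has already tried this on you, here is an added example (not from Trustwave or Netgear) that scans web request logs for the genie=1 parameter and says whether each hit came from the LAN or from outside. It assumes a proxy or network sensor that logs requests to the router's admin page in Common Log Format; the log lines, paths and addresses below are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')
# genie=1 as a whole parameter: after '?' or '&', ending at '&', '#' or end of target.
# The '&' case also covers the parameter being appended straight onto a path.
GENIE_RE = re.compile(r'[?&]genie=1(?:[&#]|$)', re.IGNORECASE)
# RFC 1918 ranges, treated here as "inside the house" (assumption about the network)
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_genie_requests(lines):
    """Return (client, target, status, origin) for each request carrying genie=1."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format, skip
        client, _method, target, status = m.groups()
        # Decode percent-encoding once so %26genie%3D1 is caught as well
        if not GENIE_RE.search(unquote(target)):
            continue
        try:
            addr = ipaddress.ip_address(client)
            origin = "lan" if any(addr in net for net in LAN) else "external"
        except ValueError:
            origin = "unknown"  # hostname or garbage in the client field
        hits.append((client, target, int(status), origin))
    return hits

# Constructed sample log lines (paths and addresses are made up for illustration)
SAMPLE = [
    '192.168.1.23 - - [10/Feb/2018:09:14:02 +0000] "GET /index.htm HTTP/1.1" 401 512',
    '203.0.113.77 - - [10/Feb/2018:09:15:40 +0000] "GET /index.htm?x=1&genie=1 HTTP/1.1" 200 8841',
    '192.168.1.23 - - [10/Feb/2018:09:16:05 +0000] "GET /index.htm%26GENIE%3D1 HTTP/1.1" 200 8841',
    '192.168.1.50 - - [10/Feb/2018:09:17:11 +0000] "GET /page?genie=10 HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for client, target, status, origin in find_genie_requests(SAMPLE):
        print(f"{origin:8} {client:15} {status} {target}")
```

An "external" hit means the config page is exposed to the internet, so turn off remote management as well as patching.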

Protected setup?
Another awful, but not quite as awful, issue is something to do with the Netgear Wi-Fi Protected Setup button. Which is meant to, ya know, protect your Wi-Fi setup. Instead, when depressed, the button opens up a 2-minute window in which a Naughty Person could run sketchy code on the router as, ahem, root. Got root? Why yes, yes I do.

Rakhmanov politely let Netgear know about how they’d dun goofed. And they responded quickly by fixing it. Which is nice.
