SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
31 Jan 2017

Netgear routers found vulnerable to exposing passwords, being hacked and formed into a botnet

New vulnerabilities in Netgear routers could potentially allow hackers to hijack devices and expose passwords.

The vulnerabilities could also allow malicious entities to recruit compromised devices into a botnet and use them to launch large-scale cyberattacks.

Trustwave security researcher Simon Kenin uncovered that the vulnerabilities can be exploited remotely if the routers' management options are enabled. Netgear acknowledged the vulnerabilities and issued firmware fixes for models affected by the issue. "We have found more than ten thousand vulnerable devices that are remotely accessible. The real number of affected devices is probably in the hundreds of thousands, if not over a million," Kenin said in a Trustwave blog.

Art Swift, President at the Prpl Foundation, told: "Once these devices have been compromised, especially routers, IoT hubs, and network gateways - due to the fact that they are very often on a local network - they represent a gateway to the network, and can be used to perform a series of attacks on the network bypassing network protection. This can cause a Trojan horse situation for the attackers to get a foothold into the local network."

Kenin claimed that Trustwave disclosed the vulnerabilities to Netgear in April 2016, listing 18 vulnerable models. By the time Netgear responded to Trustwave's disclosures the firm had identified a total of 25 models vulnerable. In July, Netgear issued firmware updates to a portion of the affected models. However, Netgear's most recent advisory reveals that there are now a total of 31 router models vulnerable to the security issues, 18 of which have already been patched.

The firm is encouraging its customers to manually enable password recovery and disable remote management, especially on those devices in which a firmware update is not available. The company wrote: "The potential for password exposure remains if you do not complete both steps. Netgear is not responsible for any consequences that could have been avoided by following the recommendations in this notification."

Security firm Lastline's VP Brian Laing told: "Many products, such as these Netgear routers, are sold with vulnerabilities. Some should have been found in development, and some are based on design where the developers assumed incorrectly only the best intentions. New vulnerabilities are found all the time so consumers need to take as many preventative measures as possible, such as disabling remote management. That will mitigate the impact of someone trying to attack an unknown vulnerability."

Tags:
Netgear information leaks
Source:
IBTimes UK
1740
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015