New vulnerability exploits password recovery system on Netgear routers & modems

Posted:
in General Discussion
Most of Netgear's home and small business router and modem models are affected by a vulnerability in their password recovery system, which could potentially let a hacker assume control or install a botnet, according to a security firm.




An attack would normally require physical access but could be delivered via the internet if a person flips remote management on, Trustwave explained. That option is typically off by default.

The scale of the threat could be significant, since Trustwave said that it has discovered over 10,000 remotely accessible units, and estimates that the real number could be "in the hundreds of thousands, if not over a million."

The issue has already been submitted to the U.S. government's National Vulnerability Database, and acknowledged by Netgear, which has put up a list of exposed models. The company has also issued updated firmware which should close the vulnerability, but only on some devices.

The full list of patched hardware includes:
  • R8500
  • R8300
  • R7000
  • R6400
  • R7300DST
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250
  • R6700
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2
  • D6220
  • D6400
  • C6300
  • (available via ISPs)
Still unpatched are the following routers and DSL gateways:
  • R6200
  • R6300
  • VEGN2610
  • AC1450
  • WNR1000v3
  • WNDR3700v3
  • WNDR4000
  • WNDR4500
  • D6300
  • D6300B
  • DGN200Bv4
  • DGN2200v4
For devices in the latter category, Netgear is asking people to manually enable password recovery and make sure remote management is disabled. This should prevent any remote attacks.

In December a vulnerability was uncovered that could subject some Netgear routers to a command injection attack, simply after visiting a malicious website. That vulnerability also remains unpatched on some hardware as well.

Apple's routers remain safe from this, and nearly all other, exploits. However, the future of the AirPort line is unclear with Apple reportedly making moves to disband the stand-alone Airport hardware division, and reassigning the engineers to other departments.

The internal departmental changes suggest that Apple has no plans to update its existing lineup of routers, including the AirPort Extreme, Time Capsule, and AirPort Express, but do not discount the possibility of the functionality being added to a different product. Apple's AirPort Express network extender and AirPlay audio target has not even been updated to the 802.11ac Wi-Fi specification.

Without specifically confirming the dissolution of the AirPort hardware division, AppleInsider was told by our contacts within Apple corporate that the AirPort ecosystem back to the 802.11n version of the AirPort Extreme basestation would be made "as safe as possible for as long as possible."

Comments

  • Reply 1 of 7
    JanNLJanNL Posts: 258member
    Ok then, again: Please Apple, keep the AirPort alive!
    cornchipdysamoriamanfred zorn
  • Reply 2 of 7
    gatorguygatorguy Posts: 20,278member
    JanNL said:
    Ok then, again: Please Apple, keep the AirPort alive!
    The Airport isn't a modem tho is it, a router only?
    cornchip
  • Reply 3 of 7
    gatorguy said:
    JanNL said:
    Ok then, again: Please Apple, keep the AirPort alive!
    The Airport isn't a modem tho is it, a router only?
    That's correct, but the flaws also affect router-only Netgear models.  If you have an internet service that requires a modem, you can use a separate modem and the router of your choice.  In the case of Verizon FIOS, you can choose to get your WAN connection by CAT5 instead of COAX and use an Apple Airport instead of their lousy Actiontec thing (unless you use Verizon TV and want the directory).
    dysamoria
  • Reply 4 of 7
    Mike WuertheleMike Wuerthele Posts: 4,339administrator
    williamh said:
    gatorguy said:
    JanNL said:
    Ok then, again: Please Apple, keep the AirPort alive!
    The Airport isn't a modem tho is it, a router only?
    That's correct, but the flaws also affect router-only Netgear models.  If you have an internet service that requires a modem, you can use a separate modem and the router of your choice.  In the case of Verizon FIOS, you can choose to get your WAN connection by CAT5 instead of COAX and use an Apple Airport instead of their lousy Actiontec thing (unless you use Verizon TV and want the directory).
    Fun fact: if you have an old ONT you're still on PPPoE. It took me AGES to figure that out.
    dysamoria
  • Reply 5 of 7
    macxpressmacxpress Posts: 4,787member
    JanNL said:
    Ok then, again: Please Apple, keep the AirPort alive!
    Or you could just not buy a Netgear. There are other routers out there that aren't effected by this. 
  • Reply 6 of 7
    coolfactorcoolfactor Posts: 1,429member
    The biggest difference between Apple's AirPort routers and all the rest is how administration is done. AirPort Utility runs on Macs and iOS devices to manage the routers, not on the routers themselves. All the rest have some type of server running that opens all kinds of opportunities for hacking and exploitation.
    dysamoria
  • Reply 7 of 7
    sergiozsergioz Posts: 222member
    I have 3rd gen Time capsule mentioned in the article. I still receive updates, even after learning that Apple has disbanded AirPort team! 
Sign In or Register to comment.