Are you using a Netgear router? Researchers have discovered a very serious security gap that affects hundreds of thousands of Netgear devices.
The Trustwave security firm reports that the vulnerability effectively allows attackers to take advantage of the router's password recovery system to bypass authentication and use administrator credentials to manage full access to the device and its settings.
What is particularly worrying is that the security gap occurs in at least 31 different Netgear models leaving more than one million users open to attacks.
The most alarming is the fact that these devices could in some cases be disturbed remotely. As explained by Trustwave researcher Simon Kenin, any router that has remote management enabled is vulnerable to hacking.
Note that remote management is disabled by default on most devices, and the company says it has found over 10 routers that have been hacked, but the real number could be “over a million.”
Kenin also warns that anyone with physical access to a defective router from Netgear can abuse its defensive mechanisms and gain access to the device by adding the router to botnets.
“The vulnerability could be exploited by a remote attacker if remote administration is enabled. By definition the mode δεν είναι ενεργοποιημένη. Ωστόσο, ο καθένας με φυσική πρόσβαση σε ένα network with a vulnerable router it can be exploited locally," said the researcher.
“This also includes public Wi-Fi locations such as coffee shops and libraries that use the vulnerability latest technology equipment. "
Trustwave reported the security gap in National Vulenrability Database. The Netgear confirmed also the defect with a publication on its website, giving the full list of affected models:
- R8500
- R8300
- R7000
- R6400
- R7300DST
- R7100LG
- R6300v2
- WNDR3400v3
- WNR3500Lv2
- R6250
- R6700
- R6900
- R8000
- R7900
- WNDR4500v2
- R6200v2
- WNDR3400v2
- D6220
- D6400
- C6300 (firmware released to ISPs)