Netgear Router Anxiety Following Trustwave Warning

Update: NETGEAR has released firmware fix for the CVE-2017-5521 vulnerability.

Top security researchers are warning of a new vulnerability possibly affecting over a million Netgear customers. This could potentially give hackers complete control over home routers of those effected. The weakness was discovered by Trustwave security researcher Simon Kenin while trying to circumvent authentication on his own home router. By doing so, the router froze and needed to be rebooted in order to work again.

This flaw could be used by a remote attacker if the remote administration is set to be internet facing (not the default setting) or one that has physical access to local public wi-fi. The vulnerability allows black hats to bypass authentication, providing them with complete control over the targeted router, giving them the ability to reconfigure it or reflash the firmware. Alarmingly, the bug affects at least 31 different Netgear models.

“As many people reuse their password, having the admin password of the router gives us an initial foothold on the network. We can see all the devices connected to the network and try to access them with that same admin password,” Kenin continued.

“With malware such as the Mirai botnet being out there, it is also possible that some of the vulnerable routers could be infected and ultimately used as bots as well. If running a bot is not possible, the DNS can be easily changed to a rogue one, as described by Proofpoint, to further infect machines on the network.”

Trustwave has already identified over 10,000 devices remotely accessible through this weakness, but has estimated that the real number of affected routers is closer to hundreds of thousands, if not over a million. A Netgear Knowledge Base article has provided information on how users can determine whether their router is vulnerable, and offers a new installable firmware to fix the bug.

“We fully expect this move will not only smooth the relationship between third-party researchers and Netgear, but, in the end, will result in a more secure line of products and services,” said Kenin.

Trustwave has reported the hole to the National Vulnerability Database. Netgear has also confirmed the flaw in a post on its website publishing a full list of the affected models. Check it out below:

R8500, R8300, R7000, R6400, R7300DST, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, R8000, R7900, WNDR4500v2, R6200v2, WNDR3400v2, D6220, D6400, and C6300 (firmware released to ISPs).