Authentication bypass flaw in Netgear SOHO routers exploited in the wild
A critical security vulnerability affecting nine Netgear router models is being exploited in the wild.
The flaw that the attackers took advantage of allowed them to access the administration interface of a vulnerable router without submitting a valid username and password.
The attack was spotted late last month by security expert Joe Giron, when he discovered that the Domain Name System (DNS) settings of his personal router had been changed from Google’s IP address to another one.
As a result, for several days all his DNS traffic passed through the attackers’ server, so they could see which websites he visited and redirect him to potentially malicious sites of their choice.
Security researchers at Compass Security and Shellshock Labs discovered this particular flaw months ago, but Netgear has obviously not been in a rush to fix it.
But, according to the BBC, a new version of the vulnerable firmware that will plug this particular flaw is set to be released on October 14.
The owners of affected routers are required to update the firmware manually. They will be prompted to do so by the Netgear genie app (if they have it installed) or when they log into their router’s administration interface.
The only good news about this entire situation is that fewer than 5,000 affected routers are currently in service. The vulnerable firmware versions are N300 1.1.0.31 and 1.1.0.28, installed on the following Netgear router models: JNR1010v2, JNR3000, JWNR2000v5, JWNR2010v5, N300, R3250, WNR2020, WNR614, and WNR618.
The vulnerability can be exploited remotely over LAN/WLAN.