Vulnerabilities in some Netgear router and NAS products open door to remote attacks

Attackers can compromise the devices with a single HTTP request that doesn't require authentication

By Lucian Constantin, IDG News Service

Netgear patched the vulnerability in the WNDR4700 1.0.0.52 firmware version that was released in July. However, it seems the company failed to check if other router models are also vulnerable.

The latest firmware version for WNDR3700v4 is 1.0.1.42 and Cutlip performed his tests on the older 1.0.1.32 version. However, static code analysis of the 1.0.1.42 firmware indicates that it is also vulnerable, the researcher said Thursday.

The older WNDR3700v3 hardware revision does not appear to be affected, Cutlip said, adding that he hasn't analyzed the firmware for the much older v1 and v2 revisions yet.

The researcher also discovered a separate authentication bypass vulnerability in the WNDR3700v4 firmware that's not related to the BRS_* issue. "Appending the string 'unauth.cgi' to HTTP requests will bypass authentication for many, if not most, pages," he said.

Cutlip didn't test if WNDR4700 is also vulnerable to this second flaw.

Netgear did not immediately respond to a request for comment.

A search for WNDR3700v4 routers that have their Web interface exposed to the Internet returned over 600 devices on the SHODAN search engine.

"Do not turn on remote administration ever, for any device," Cutlip said. "That's the number one attack surface and it's the one we usually find bugs in."

To avoid local attacks, administrators should secure their wireless networks with strong WPA2 passphrases and make sure strangers are not allowed on their local networks, the researcher said.

These vulnerabilities are unlikely to go away soon, even if patches do get released, because many users never update their routers and other embedded systems. That's because they don't know how or because they're not aware of the risks, and a lack of clear communication about security issues from many vendors contributes to this problem.

Back in April, Craig Young, a security researcher at security firm Tripwire, found critical vulnerabilities in the Web management interface of Netgear's ReadyNAS network-attached storage products, including a vulnerability that could be exploited through a single unauthenticated HTTP request to gain complete root access to ReadyNAS devices.

He privately reported the issues to Netgear and the company released RAIDiator firmware versions 4.2.24 and 4.1.12 in July to address them. However, the majority of ReadyNAS devices exposed to the Internet are still vulnerable, according to Young.
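For administrators checking their own devices against the firmware versions named in this article, the following is an added example, not code from Netgear, Tripwire or either researcher. The inventory format, function names, status labels and sample hosts are assumptions made for illustration; only the model names and version numbers come from the article.

```python
# Added example: audit a device inventory against the firmware versions
# named in the article. Inventory layout and status labels are assumptions.

def parse_version(text):
    """Turn '1.0.1.42' into (1, 0, 1, 42) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

# Fixed releases named in the article, keyed by product and release branch.
FIXED = {
    ("WNDR4700", (1, 0, 0)): (1, 0, 0, 52),
    ("RAIDiator", (4, 2)): (4, 2, 24),
    ("RAIDiator", (4, 1)): (4, 1, 12),
}

# Builds the article reports as vulnerable, with no fixed release named.
REPORTED_VULNERABLE = {
    "WNDR3700v4": {(1, 0, 1, 32), (1, 0, 1, 42)},
}

def assess(product, version_text):
    """Classify one device using only what the article states."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable version string, check by hand
    if version in REPORTED_VULNERABLE.get(product, ()):
        return "reported-vulnerable"
    # The branch is every component except the last (4.2.24 -> branch 4.2).
    fixed = FIXED.get((product, version[:-1]))
    if fixed is None:
        return "unknown"  # model or branch the article does not cover
    return "patched" if version >= fixed else "needs-update"

def audit(inventory):
    """Map each host name to its status."""
    return {host: assess(product, ver) for host, product, ver in inventory}

# Constructed sample inventory: (host, product, firmware version).
INVENTORY = [
    ("office-router", "WNDR4700", "1.0.0.9"),
    ("lab-router", "WNDR3700v4", "1.0.1.42"),
    ("backup-nas", "RAIDiator", "4.2.24"),
    ("archive-nas", "RAIDiator", "4.1.11"),
    ("old-router", "WNDR3700v3", "1.0.0.1"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 1.0.0.9 above 1.0.0.52 and report an unpatched device as current.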
