Security researchers are warning of a new vulnerability potentially affecting over one million Netgear customers, which could give hackers complete control over their home routers.
Trustwave security researcher, Simon Kenin, explained that he came across CVE-2017-5521 after trying to remotely circumvent authentication on his own home router when it froze and needed rebooting.
The flaw could be used by a remote attacker if remote administration is set to be internet facing – which it isn’t by default – or one with physical access such as to a local public Wi-Fi hotspot, he claimed.
It effectively allows black hats to circumvent authentication, giving them complete control over a targeted router, to reconfigure it or reflash the firmware.
“As many people reuse their password, having the admin password of the router gives us an initial foothold on the network. We can see all the devices connected to the network and try to access them with that same admin password,” Kenin continued.
“With malware such as the Mirai botnet being out there, it is also possible that some of the vulnerable routers could be infected and ultimately used as bots as well. If running a bot is not possible, the DNS can be easily changed to a rogue one, as described by Proofpoint, to further infect machines on the network.”
Trustwave has already found more than 10,000 devices remotely accessible via this bug, but estimates the real number of affected units to be in the hundreds of thousands, “if not over a million.”
A Netgear Knowledge Base article details how users can test to see if they’re vulnerable, and then install new firmware to patch the bug.
The vendor was contacted about the flaw by Trustwave back in April 2016, but since then more and more models have been found to be affected including the Lenovo R3220 router.
Netgear has since partnered with security testing organization Bugcrowd to improve the way it deals with disclosures.
“We fully expect this move will not only smooth the relationship between third-party researchers and Netgear, but, in the end, will result in a more secure line of products and services,” said Kenin.