Error in Netgear routers can lead to the theft of confidential information

A Netgear router security warning has been issued that affects WiFi and can contribute to the theft of sensitive information, including administrator passwords and wireless network keys. A warning was issued about a serious security problem for Netgear routers that affects WiFi and can contribute to theft of confidential information information, including administrator passwords and keys to the wireless network.

Details of the vulnerability have been published by researcher Peter Adkins, who explained that the error lies in the SOAP service, which is embedded inside the routers. SOAP (Simple Object Access Protocol) is used by the Netgear Genie application, which allows its users to access the configuration of a number of functions on the router, including parental controls, wireless networks and more.
Adkins found a way to send carefully crafted HTTP requests to a SOAP service embedded inside routers, urging them to execute commands without authentication. In this way he could obtain confidential information.

In short, someone malicious, connected to a WiFi network can exploit the vulnerability to obtain an administrator password, wireless network details, device serial number or detailed information about devices connected to the router.

Unfortunately, this is not the end - if remote Netgear router management is enabled, hackers can use it remotely via the Internet. It was reported that the vulnerability was confirmed in devices: NetGear WNDR3700v4, NetGear WNR2200, NetGear WNR2500, NetGear WNDR3700v2, NetGear WNDR3700v1, NetGear WNDR4300, NetGear R6300v2 and NetGear WNDR3800. Suspicious devices are also: NetGear WNDRMAC, NetGear WPN824N and NetGear WNDR4700, but Adkins warns that the fault may also occur in other devices that have not yet been tested.

Adkins says he tried to clarify the matter with Netgear's support team back in January, but he was disappointed with the response:

"The initial reaction of NetGear technical support was the answer" the network should remain safe "due to a number of built-in safeguards. Attempts to further clarify the nature of this vulnerability were ineffective. My query was automatically closed while waiting for a response. Subsequent e-mails sent to NetGear "OpenSource" also remained unanswered. "

So, what should you do? While waiting for security patches from NetGear, the most logical direction of operation to secure the network is to disable remote management options in the router and create a list that allows only trusted devices to connect to the local network. You can also lobby NetGear through all available channels of contact to address the issue of the vulnerability, because Adkins' attempts to find someone who understands the seriousness of the situation in the NetGear technical support department failed.

source: Marken Antivirus Systems



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.