Security

Disclosed Netgear Flaws Under Attack (threatpost.com) 17

msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300-1.1.0.28_1.0.1.img. The flaw allows an attacker, without knowing the router password, to access the administration interface.
  • Looks bad, but why would anyone have their web-admin interface opened up to the internet?

    • Looks bad, but why would anyone have their web-admin interface opened up to the internet?

      Often because they don't know any better, and sometimes because they can't or don't know how. And sometimes it's because the router (for example) won't let them.

      For example, my Frontier router won't let me use a 10-character password (it shipped with a 6-character password). It won't let me use most punctuation characters in the password either, reducing the possible complexity to almost nothing. The fucking thing won't even let me use spaces in the Wifi device name.

      The security interface can be used, but 9

  • they much rather be selling you a new router.

    • by KGIII ( 973947 ) <uninvolved@outlook.com> on Friday October 09, 2015 @07:30PM (#50696521) Journal

      Don't worry. The FCC is hard at work making sure that you'll never have the chance to fix this on your own.

  • I've known about this for months. This is news?
  • It's a feature. But it looks just like a flaw. Its easy penetration functions to lower the demand on customer service by making it easier for newbies to configure throughput. These folks usually don't notice the flaw in the security, however. Those who do notice vulnerabilities in most all networks are simply paying attention. The details of reality imbue a false sense of security as we imbibe the rivers of denial. De Nile is not just Da River in Egypt.
