Disclosed Netgear Flaws Under Attack (threatpost.com)
msm1267 writes: A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the research teams that it addressed the problem adequately. The vulnerability is a remotely exploitable authentication bypass that affects Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300-1.1.0.28_1.0.1.img. The flaw allows an attacker, without knowing the router password, to access the administration interface.
Sounds bad, but... (Score:2)
Looks bad, but why would anyone have their web-admin interface opened up to the internet?
XXXSS exploits (Score:5, Informative)
It is called an XXXSS exploit and it is widely documented here from Defcon 18:
https://www.youtube.com/watch?v=YDW7kobM6Ik
http://samy.pl/mapxss/
Basically, any webpage can inject an IFRAME src=https://192.168.1.1/BRS_netgear_success.html onload=malicious()
And manipulate your own INTRANET router against you.
They can also inject a DCC CHAT command within the webpage and have you post those commands through an IFRAME or AJAX: ...HTML CRAP...IRC COMMAND...HTML CRAP...
and if your router is not patched and uses a fixed circular buffer, the router will do something like:
and say HEY, this poor user wants to do some IRC commands and I am blocking him, let's create a new rule to allow this automagically :D
and then it will execute that IRC command and open a hole in your Firewall for you, everyone loves mIRC don't you?
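The cross-site trick described in the comment above, where a page the user happens to visit fires requests at the router's LAN address, is exactly what origin and token checks on an admin interface are meant to stop. The following is an added example, not code from the original post or from Netgear's firmware; the admin host list, the header handling and the double-submit token scheme are assumptions chosen for illustration:

```python
from urllib.parse import urlsplit

# Hosts under which the admin UI is legitimately addressed (constructed for
# this example; real firmware would derive these from its LAN configuration).
ADMIN_HOSTS = {"192.168.1.1", "routerlogin.net"}


def request_is_first_party(headers: dict) -> bool:
    """Return True only if the request plausibly came from the admin UI itself.

    Two checks that together defeat the framed-IFRAME / AJAX pattern:
      1. Host must name the router, so a browser that reaches the LAN
         address under some other hostname (DNS rebinding) is refused.
      2. Origin, or failing that Referer, must be the router's own UI, so a
         request fired from any third-party page is refused.
    Header names are matched case-insensitively, as HTTP requires.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "").split(":")[0]
    if host not in ADMIN_HOSTS:
        return False
    source = h.get("origin") or h.get("referer")
    if not source:
        # No provenance at all: treat as cross-site for state-changing requests.
        return False
    src_host = urlsplit(source).hostname or ""  # "null" origin ends up here too
    return src_host in ADMIN_HOSTS


def admin_action(method: str, headers: dict, csrf_cookie: str,
                 csrf_form: str) -> tuple[int, str]:
    """Gate a state-changing admin request such as a firewall-rule change."""
    if method.upper() in ("GET", "HEAD"):
        return 405, "state changes must use POST"
    if not request_is_first_party(headers):
        return 403, "cross-site request rejected"
    # Double-submit token: the submitted form must echo the cookie's token,
    # which a page on another origin cannot read.
    if not csrf_cookie or csrf_cookie != csrf_form:
        return 403, "missing or mismatched CSRF token"
    return 200, "rule applied"
```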
Re: (Score:2)
In mIRC, open the About window and type arnie
Re: (Score:3)
Looks bad, but why would anyone have their web-admin interface opened up to the internet?
Often because they don't know any better, and sometimes because they can't or don't know how. And sometimes it's because the router (for example) won't let them.
For example, my Frontier router won't let me use a 10-character password (it shipped with a 6-character password). It won't let me use most punctuation characters in the password either, reducing the possible complexity to almost nothing. The fucking thing won't even let me use spaces in the Wifi device name.
The security interface can be used, but 9
no profit in patches (Score:2)
They'd much rather be selling you a new router.
Re:no profit in patches (Score:5, Insightful)
Don't worry. The FCC is hard at work making sure that you'll never have the chance to fix this on your own.
Re: (Score:2)
This is true. I usually buy high end stuff and chuck the stuff my ISP sends me into a box for playing with at another time. I have, seriously, dozens of routers from the ISP that haven't even been unboxed. I have 3 separate lines; one in my garage, one in my house, and one in the house that was here when I had my house built - used for guests and whatnot. Anyhow, they send me three new routers at a time - every time.
Strangely, at least once a year but usually twice a year, I get three new routers without as
Re: (Score:2)
Hmm, I actually got a Cisco from my ISP and ended up buying a Netgear as the Cisco was too unstable.
The Cisco is a Docsis cable modem with built in wifi router. If you use your own router you can have the modem set up in bridge mode, which I did. Ever since the connection is stable. You have to call the ISP to have the modem switch to bridge mode. Funny thing is when I did, the person on the phone agreed with me that using my own router would probably be a lot better.
I'm sure I could buy my own Docsis modem
Re: (Score:2)
Or when you get it, install DD-WRT, Tomato, etc. and use the very nice hardware they packaged for you but not the terrible and feature-deprived firmware... Seriously, no reason a router should not be able to support things like standard VPN access, and yet none of the companies build this into half their high end routers... I like netgear, but their firmware blows ass...
Old news? (Score:1)
Re:Immediately flash all routers! (Score:4, Insightful)
You do realize that Tomato does much the same thing as *WRT? In some cases, for some people, Tomato might be a better choice, depending on what they are trying to do. But, yes, I agree with you. Why buy any box, mini or otherwise, if you can't control it?
It's not a flaw, bug, or vulnerability. (Score:2)
It's a feature. But it looks just like a flaw. Its easy penetration functions to lower the demand on customer service by making it easier for newbies to configure throughput. These folks usually don't notice the flaw in the security, however. Those who do notice vulnerabilities in most all networks are simply paying attention. The details of reality imbue a false sense of security as we imbibe the rivers of denial. De Nile is not just Da River in Egypt.