Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Network Networking

Netgear Exploit Found in 31 Models Lets Hackers Turn Your Router Into a Botnet (thenextweb.com) 57

An anonymous reader shares a report: You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk. Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings. What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks. Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.
This discussion has been archived. No new comments can be posted.

Netgear Exploit Found in 31 Models Lets Hackers Turn Your Router Into a Botnet

Comments Filter:
  • The end of Netgear? (Score:3, Informative)

    by Futurepower(R) ( 558542 ) <MJennings.USA@NOT_any_of_THISgmail.com> on Tuesday January 31, 2017 @10:47AM (#53773731) Homepage
    My extensive post to a previous story about Netgear, hoping to help Netgear improve: The end of Netgear? [slashdot.org]
    • by thomn8r ( 635504 )
      The story about netgear vulnerabilities broke last year (and I had read your post on them - thanks!) so why is this getting posting again to /.?
      • by Cronq ( 169424 )

        CVE-2017-5521 is a new problem unfortunately.

      • by Kremmy ( 793693 )
        Generally when this sort of thing breaks, it keeps breaking for a while. There are a lot of new routers on that list that weren't on it the last time I looked at it. I tell you what, it's not possible to do tech effectively if you filter this stuff as reposts.
    • Why would a consumer-grade router even have remote-admin?

      And why on earth would it be enabled by default?

      If it was a car they'd be forcing a recall.

  • by Anonymous Coward

    FFS, it wasn't long ago that a basic security vulnerability left 300+ million people vulnerable to attack, simply by hacking their election, both emails and the registration servers, attackers were able to insert in a bright orange trojan into office.

    Have we patched that yet? Because an exploit for that is out in the wild wreaking havoc on basic security.

    The virus attack package it carries lets an impersonation attack happen, it appears to be a real, except it doesn't obey any laws and seizing control of th

  • Is stop buying consumer grade WiFi routers that are poorly supported and get a plain access point and stick it behind a real router.

    • by b0bby ( 201198 )

      What real router would you advise which is well supported enough that it's trustworthy? I have a Ubiquiti AP which I'm happy with, but I haven't found a good small solid wired router.

      Also, I would say that since the fix has actually been released, these are not "poorly supported". Every router has the potential to need to be updated, the problem comes when you have things like internet connected DVRs which will never get a firmware update. Even better would be an auto-update system for these things since wh

      • mcdebian and linksys - check it out.

        apt-get goodness for the win!

      • Re: (Score:3, Informative)

        by m0gely ( 1554053 )
        You use Ubiquiti but haven't found a wired only solution? Looked at EdgeRouter [ubnt.com]? If your AP is UniFi then look at their USG [ubnt.com]. It's basically the same hardware as the EdgeRouter Lite but running the UniFi software.
        • by b0bby ( 201198 )

          I'm happy with my current setup (consumer WiFi router + Ubiquiti AP); I did look at the EdgeRouter but didn't think it would improve my setup enough to bother with it.

          The Ubiquiti routers have been vulnerable to worms in the past too, so it's not like the onumer routers are the only ones with vulnerabilities.

      • by darkain ( 749283 )

        pfSense. Roll your own. All it takes is any old generic x86 machine with 2 NICs in it at the bare minimum. (dual-port gigabit Intel NICs are like $20 on eBay). Or, you can buy pre-built pfSense boxes. Fast, secure, feature rich, and constantly up-to-date.

        • Real weenies write their own iptables rules!

          Of course... I am not a real weenie so I use fwbuilder (https://sourceforge.net/projects/fwbuilder/)

        • I gave up on pfsense. it does not fail gracefully. lose power and reboot and eventually you get corrupted boot media. when that happens, remote mgmt task crashes and you have to reinstall.

          too bad. monowall was good but pfsense was horrible for me.

          • I solve loss of power issues with a UPS.

            But before I had the UPS I had regular power outages at my OCONUS location and it has rebooted fine every time. Current uptime 110 days with about 4TB of I/O through it. All on a cheap 10W box that cost $120 + a SODIMM and mSATA card. Pairs with another identical box in the US for a full house always on VPN so I can bypass all the geo restrictions.

            Stick my AP and everything else behind it.

            Easy to use, easy to manage.

      • I have heard that the Ubiquiti Edgerouter is a low cost, fully featured piece of hardware.

        https://www.ubnt.com/edgemax/e... [ubnt.com]

        Never owned one myself, but a lot of people who listen to Security Now seem to like it.

      • Ubiquiti has the EdgeRouter-X ($50), and there is always pfsense/netgate sg-100 ($150). Plenty of reliable, well supported hardware out there.
      • >What real router would you advise which is well supported enough that it's trustworthy?

        I use an NUC with Linux and set up routing tables, firewall, a fail2ban listener (so my servers can tell it to do the filtering) and NAT. None of this is hard and step by step instructions are widely available. I added a second ethernet port to the NUC via the M.2 port and a 3d printed base to hold the connector. The router doesn't mess with DNS and all things point to Google's DNS. It's simple and doesn't rely on ven

    • by bobbied ( 2522392 ) on Tuesday January 31, 2017 @12:03PM (#53774335)

      Is stop buying consumer grade WiFi routers that are poorly supported and get a plain access point and stick it behind a real router.

      Naw, As an owner of some really nice Cisco routers, stick with the consumer router at home unless you have time to learn how to configure it (or do Cisco work for a living). "Professional" gear isn't worth the trouble or cost for most of us. Not to mention that some of Cisco's offerings are really just their version of a consumer level device (that 500 series) and are pretty hard to configure for normal home use. You can do it (I managed) but it was painful to get all those video applications and games to work as expected.

      I do like your access point BEHIND the router as a separate device, but he security you get is really minimal.

      What you SHOULD do is buy hardware that is supported by DD-WRT or OpenWRT and erase the manufacturers firmware at your first opportunity. If you really want to be secure, buy 2 and set up a DMZ network behind a firewall for all the consumer devices you cannot control (video players for Netflix, home automation devices, cable boxes, ec) and put all your secure stuff behind another NATed subnet with a firewall.

      • by darkain ( 749283 )

        This is why I prefer pfSense. It has Cisco like features, but with a DD-WRT/OpenWRT like interface. It is the best of both worlds!

      • Cheap - easy - reliable - secure. This is what most home users should run.

        Their Amplifi line looks fantastic for most home use.

      • by T.E.D. ( 34228 )
        What if my main concern isn't really "security" on my back end, but not contributing to the botnet problem on the front end?
        • Run OpenWRT or DD-WRT and don't enable remote management...Like I said... If you want to run Cisco gear, knock yourself out, but it's over priced and over complicated for use at home.


    • by antdude ( 79039 )

      What are good cheap consumer grade wifi routers that are fully supported then?

    • by AHuxley ( 892839 )
      Get more OS brands and AV firms to offer something like Avast 2015 new feature: Home Network Security scanning (4 November 2014)
      https://blog.avast.com/2014/11... [avast.com]
      Find any device that responds to a list of well understood admin/passwords settings.
      That won't help with all device issues but it might help a bit.
  • Consumer routers should either require setup prior to use, with "remote access" off by default.

    In the alternative, they should be pre-configured with remote access off and local access turned off unless the user presses a button on the router shortly before logging into the router from the LAN side - something akin to the "WPS" push-button-to-connect-to-WiFi setup. The latter is needed to prevent malware from silently logging into the router with default credentials.

    • by Anonymous Coward
      Spectacular idea! The only bad thing is the cost of the extra support personnel to man the phone lines when people don't bother to read the detailed instructions on how you've obfuscated what used to be a straightforward task will be coming from your paycheck. Sorry. But great idea!
    • I'm all for buttons. They keep people who should not be there, out!
    • by drinkypoo ( 153816 ) <martin.espinoza@gmail.com> on Tuesday January 31, 2017 @11:35AM (#53774067) Homepage Journal

      Consumer routers should either require setup prior to use, with "remote access" off by default.

      I have literally never seen a consumer router which has remote management turned on by default, neither with the original firmware nor community firmware. I am willing to believe that they exist, but I've even owned two or three Netgear APs and none of them had remote management activated by default either. Especially now that so many devices have an easy setup button, most people probably never actually go into their router config after following the included instructions to change the network name and maybe the channel.

    • by b0bby ( 201198 )

      Almost all (including these Netgears) ship with remote access off by default. This isn't going to be a huge problem for most people who won't have turned that on unless they have malware already on their systems which could exploit this locally.

    • by JustNiz ( 692889 )

      The button thing is a great idea, at least until the router no longer has a default admin password. Alternatively it could require a usb memory stick with a "token" on it to be inserted in the router. You would get the token when you register the device on the manufaturers website.

  • Switched from netgear to turris omnia. Netgear firmware and the way they "support" it is a big joke (broken version released; reverting versions; no real testing etc).

    So now happy turris omnia router user.

VMS must die!