Firmware vulnerabilities in Netgear routers created network security risk

Firmware vulnerabilities in a commercial-grade Netgear router opened the door to a range of exploits, including identity theft and full system compromise.

The recently resolved flaws in Netgear DGN2200v1 routers were discovered by security researchers at Microsoft during product development for some endpoint protection software.

The three critical security issues identified (with CVSS scores ranging from 7.1 to 9.4) were each resolved by Netgear. The issue is restricted to a single Netgear router model, one best suited to small enterprises.

Netgear DGN2200v1 routers running firmware versions prior to v1.0.0.60 are vulnerable and need to be upgraded to the latest build, as explained in a security advisory from the networking kit manufacturer.

Microsoft offers more detail on these flaws in a security blog post.

The three flaws, respectively, allowed access to router management pages through an authentication bypass, made it possible to derive saved router credentials via a cryptographic side-channel, and made it possible to retrieve secrets stored in the device thanks to the use of a default cryptographic key.

The Daily Swig asked Microsoft to comment on its research but the software giant declined our offer to comment.

Source: https://portswigger.net/daily-swig/firmware-vulnerabilities-in-netgear-routers-created-network-security-risk
