• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

New security flaws can turn Netgear Routers into army of botnets

February 1st, 2017 Uzair Amir Security, Malware 0 comments
New security flaws can turn Netgear Routers into army of botnets
Share on FacebookShare on Twitter

Trustwave researchers have identified flaws in 31 Netgear router models, which may lead to hackers gaining full control of devices. Using these security flaws, an attacker can fully bypass the password on Netgear routers, modify the configuration, create an army of botnets by infecting multiple routers and develop entirely new firmware.

The new vulnerabilities were identified by Simon Kenin, a security researcher at Trustwave while he was trying to access the web interface of the Netgear VEGN2610 router and forgot the password. He tried to fuzz the server using various parameters manually and finally identified a file bearing the name “unauth.cgi.”

In a blog post, Kenin revealed details of his finding: “I started looking up what that “unauth.Cgi” page could be, and I found two publicly disclosed exploits from 2014, for different models that manage to do unauthenticated password disclosure. Booyah! Exactly what I need. Those two guys figured out that the number we get from unauth.cgi can be used with passwordrecovered.cgi to retrieve the credentials.”

CVE-2017-5521: Bypassing Authentication on NETGEAR Routers.

Then Kenin tested the same technique with some other models of Netgear routers and received similar results. Finally, he was convinced that even with erroneous coding he could access the credentials quickly. Kenin further revealed that the bug was “totally new” and when both bugs were tested on different router models from Netgear, he identified that the second bug was applicable on a wider range of router models. He noted that the flaws affected some models; Trustwave researchers managed to point out tens of thousands of exploitable devices, which could be accessed remotely. The original number of affected devices could very well reach a million.

The security advisory from Trustwave is available here. The flaws are a treasure trove for remote attackers as Kenin explained that “The vulnerability can be used by a remote attacker if remote administration is set to be Internet-facing. By default, this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public wifi spaces like cafés and libraries using vulnerable equipment.”

[fullsquaread][/fullsquaread]

It must be noted that since the arrival of Mirai malware, millions of Internet of Things (IoT) devices including CCTV cameras and routers have become vulnerable to large-scale DDoS attacks. To avoid getting itself in an embarrassing situation, Netgear has already launched its bug bounty program in which hackers and security researchers are urged to report critical flaws in its products.

Source: TrustWave | Bot illustration via OpsWat

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

  • Tags
  • DDOS
  • hacking
  • Malware
  • Mirai
  • Netgear
  • Router
  • security
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article PSP and Xbox Forums Hacked; 2.5 Million User Accounts Stolen
Next article WordPress Websites Exposed to Severe Content Injection Vulnerability
Uzair Amir

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

40
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

76
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

103

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us