Netgear vulnerability exposed TLS certificates to public

TLS certificates can be used to intercept and tamper with secure connections…
Netgear router vulnerability

The keys could be used to intercept and tamper with secure connections (man-in-the-middle attacks) and essentially, any of the compromised routers can be hijacked.

Recently Netgear, a computer networking company was found to have vulnerabilities in the firmware of its wireless routers. The report was made by Nicholas Starke who is a threat researcher at Aruba Networks along with Tom Pohl, the head of software architecture at Businessolver.

According to the duo, they were generally looking for vulnerabilities in the company’s firmware when they stumbled upon private keys of signed TLS certificates publicly available.







For the unfamiliar, every Netgear device comes with a minimum of two running signed TLS certificates. The private keys of these could be used to decrypt any traffic passing through that device and hence would naturally put the user at risk exposing all of their traffic.

See: New security flaws can turn Netgear Routers into army of botnets

Furthermore, these keys could be downloaded from Netgear’s support website without any authentication measures in place making it an open house.

The models compromised include R8900, R9000, RAX120 and XR700 wireless routers. Due to no patch having been released yet despite a response by Netgear on Monday, it has advised users to go with the following 2 options until the issue has been fixed:

  1. Use the Netgear Nighthawk app
  2. Use the HTTP version of routerlogin.com instead of the usual https, this is indeed something that is highly embarrassing for the company.

However, the key concern here more than the flaw at hand is how the company handled this entire ordeal. The researchers have detailed stating that on 14 January when they discovered the vulnerabilities, they tried to get in touch with their team via Twitter but of no avail.





Then on January 15, they took to Bugcrowd where Netgear has a bug bounty program and attempted to “establish a communication channel outside of the Netgear bug bounty programs.” However, this failed despite the latter responding leading the researchers to publish everything publicly on January 19 on Github.  

It is worth noting that if exploited these keys could be used to intercept and tamper with secure connections (man-in-the-middle attacks) and essentially, any of the compromised routers can be hijacked.

See: Netgear’s new gaming router offers protection against DDoS attacks

Mark Thompson, VP of product management at Keyfactor told HackRead that,

“This is yet another example of manufacturers prioritizing time to market over device security. D-Link made the same mistake in 2015 when developers accidentally published keys in open-source firmware. NETGEAR should store these private keys in a secure HSM or use on-device key generation to generate the public-private key pair. This is unfortunate, but a timely reminder to IT leaders to revisit and revise the way they approach device security to mitigate manufacturer vulnerabilities.”







But this is not all. A user named Kevin Froman took to the comments section of their post telling everyone that Netgear had ruled one of his report on a similar issue on July 23, 2017, as a duplicate one hinting at the fact that the company knew of this flaw since almost 2 and a half years ago.

Netgear router vulnerability

However, Searchsecurity investigated asking the Netgear team for clarification on if it had been reported before to which they responded that it had not been stating,

“This particular issue related to Entrust private key being available in the plain text has not been reported to us earlier.” 

Regardless of this specific vulnerability at hand and it had indeed been reported earlier, it is important that Netgear and every other company follows responsible disclosure practices not only to increase consumer trust but also to adequately protect them. Such behavior as exhibited would only end up hurting their reputation in the long term seeing how security-conscious users have become over the past decade.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts