
New security flaw discovered in Netgear routers


December 13, 2016

Owners and the system admins of three models of Netgear routers are being strongly advised of the existence of a new security flaw in their broadband boxes.

They are advised to close that security hole as soon as possible to prevent potential attacks. The alternative is to shut down the routers until a new firmware update is available from Netgear.

The equipment maker says that the R-6400, R-7000, and R-8000 series routers are all affected by bulletin no. CVE-2016-582384, a command-injection security flaw that is trivial to exploit.

You simply have to trick someone on the router's local network into opening a booby-trapped webpage. We're told R-7500, R-7800, R-8500 and R-9000 models are also at risk. So this is big.

A potential hacker could direct a victim to a malicious website that abuses the design flaw, or malware on the network could connect to the vulnerable box and exploit the security vulnerability directly.

The end result is countless routers potentially being silently meddled with, infected and/or hijacked.

Because of a major security flaw in the way the routers' built-in HTTP server parses requests, commands can easily be injected into an affected router by fetching the following URL: http://(router_IP)/cgi-bin/;COMMAND

The web server code executes the given command string effectively as the root user. The underlying operating system is BusyBox Linux. For example, if one of the affected models is usually on the local IP address 192.168.0.1, then the following HTML embedded in a webpage will force a reboot when someone on the LAN visits that page.

US-CERT says an exploit targeting the security flaw has already been publicly disclosed. The security team's advisory explains: "Netgear R-7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R-6400, firmware version 1.0.1.12_1.0.11 and possibly earlier, contain an arbitrary command injection vulnerability. By convincing a user to visit a specially crafted website, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers."

"Exploiting this vulnerability is trivial," the security advisory cautions. "Users who have the option of doing so should strongly consider discontinuing use of the affected devices until a permanent fix is made available."

Meanwhile, system admins are less than thrilled with Netgear for its security miscue. Security researcher Acew0rm was credited with discovering and disclosing the security flaw over the weekend, as well as developing the proof-of-concept exploit.

We're told Ace warned Netgear about this issue months ago but seemingly nothing was done about it.

While Netgear says it is still working on a firmware fix for the security flaw, US-CERT says the hole can be closed by disabling the router's web server feature with the following URL: http://(router_IP)/cgi-bin/;killall$IFS'httpd'

That request, which exploits the vulnerability itself, disables the built-in HTTP server that is used to administer the device. In other words, customers are being urged to lightly hack their own boxes before an attacker can exploit them for nefarious ends.

US-CERT adds that after executing the command, users will be unable to manage or control the router via the HTTP server until the router is rebooted or power cycled. A software fix is needed from Netgear to permanently eliminate the bug.
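
An added example, not part of the original article or of any Netgear or US-CERT tooling: a log check that flags requests of the /cgi-bin/;COMMAND form described above and separates the US-CERT killall workaround from anything else. The proxy-log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed sample in an assumed "timestamp client method url" proxy-log layout.
SAMPLE_LOG = """\
2016-12-13T09:14:02Z 192.168.0.23 GET http://192.168.0.1/cgi-bin/;COMMAND
2016-12-13T09:15:40Z 192.168.0.23 GET http://192.168.0.1/cgi-bin/;killall$IFS'httpd'
2016-12-13T09:16:11Z 192.168.0.42 GET http://192.168.0.1/cgi-bin/%3Bkillall%24IFS%27httpd%27
2016-12-13T09:17:55Z 192.168.0.42 GET http://192.168.0.1/start.htm
2016-12-13T09:18:03Z 192.168.0.42 GET http://www.example.com/cgi-bin/search?q=a;b
"""

PREFIX = "/cgi-bin/;"           # request form quoted in the article
WORKAROUND = "killall httpd"    # US-CERT's temporary mitigation, normalised

def normalise_command(raw):
    """Make the injected string readable: $IFS stands in for whitespace."""
    cmd = re.sub(r"\$\{?IFS\}?", " ", raw)
    return " ".join(cmd.replace("'", "").replace('"', "").split())

def is_private_host(host):
    """True when the target is an RFC 1918 / local IP literal (a LAN device)."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an IP literal

def find_injection_requests(log_text):
    findings = []
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue  # not in the assumed layout
        ts, client, _method, url = fields
        parts = urlsplit(url)
        path = unquote(parts.path)  # decode first so %3B variants are matched too
        if not path.startswith(PREFIX):
            continue
        command = normalise_command(path[len(PREFIX):])
        findings.append({
            "time": ts, "client": client, "target": parts.hostname,
            "lan_target": is_private_host(parts.hostname or ""),
            "command": command,
            "verdict": "us-cert-workaround" if command == WORKAROUND else "investigate",
        })
    return findings

if __name__ == "__main__":
    for hit in find_injection_requests(SAMPLE_LOG):
        print(hit)
```

The client address on an "investigate" hit identifies the LAN machine whose browser or malware issued the request, which is where triage should start.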

"We appreciate and value having security concerns brought to our attention. Netgear constantly monitors for both known and unknown threats," the company said in its alert.

"Being pro-active rather than re-active to emerging security issues is fundamental for product support at Netgear," the company added.

Source: Netgear.



Copyright © Internet Security.ca