
Update now! NetGear routers’ default configuration allows remote attacks

News Hound

NetGear has made a hotfix available for its Nighthawk routers after researchers found that a network misconfiguration in the firmware allowed unrestricted communication with services listening over IPv6 on the device's internet-facing ports.

No auto-update


The hotfix is available for the model RAX30, also known as the Nighthawk AX5 5-Stream AX2400 WiFi 6 Router.



The NetGear Nighthawk RAX30 (image courtesy of NetGear)

To update your router’s firmware, follow the instructions in your router’s user manual, which can be found online.

Note that having the “check for updates” or even the auto-update option enabled is not sufficient to get this hotfix. It needs to be downloaded manually and applied following the instructions.

It is unknown at this point what other security vulnerabilities were fixed in this hotfix or in the newer 1.0.9.92 hotfix, which also addresses security vulnerabilities.

Popular


The researchers found the bug while looking to enter Pwn2Own Toronto. The NetGear Nighthawk RAX30 is a popular model for home users and small businesses, which is one of the reasons why it was selected as a target for the Pwn2Own contest. Contestants set out to find previously unknown vulnerabilities in widely used software and mobile devices.

NetGear frustrated a lot of participants by issuing the 1.0.9.90 hotfix one day before the registration deadline for Pwn2Own. The patch invalidated the submission of this vulnerability and, it seems, some others as well.

The vulnerability


The vulnerability found by the researchers, and patched just before the deadline, allowed unrestricted communication with any services listening via IPv6 on the WAN (internet-facing) port of the device, including SSH and Telnet operating on ports 22 and 23 respectively.

Telnet is an application protocol used on the internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

Secure Shell (SSH) is a network communication protocol that enables two computers to communicate and share data.

Although the researchers shared no further details about their attack chain that was crippled by the patch, having Telnet and SSH available makes it very likely they could have reconfigured the router, stolen data, or at least put it out of service.
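One way to confirm, after applying the hotfix, that your own router no longer answers on those two ports over IPv6. This is an added example, not code from the original article, the researchers or NetGear; the function names and the script name are hypothetical. It assumes you run it from an IPv6-capable host outside your LAN against your router's WAN IPv6 address.

```python
import errno
import socket
import sys
from ipaddress import IPv6Address

# Ports the article names as reachable on the WAN side: SSH and Telnet.
PORTS = (22, 23)
# Local errors meaning this host has no usable IPv6 path, so nothing was tested.
NO_PATH = (errno.ENETUNREACH, errno.EADDRNOTAVAIL)

def probe(addr, port, timeout=3.0, sock_factory=socket.socket):
    """Classify one TCP port over IPv6: open, closed, filtered or untested."""
    # Accept only a literal IPv6 address so the check can never fall back
    # to IPv4 and report a misleading all-clear.
    IPv6Address(addr.split("%")[0])
    sock = sock_factory(socket.AF_INET6, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((addr, port))
        return "open"        # handshake completed: the service is exposed
    except ConnectionRefusedError:
        return "closed"      # refused: no listener, or the firewall rejected it
    except socket.timeout:
        return "filtered"    # silently dropped, as a WAN firewall should do
    except OSError as exc:
        return "untested" if exc.errno in NO_PATH else "filtered"
    finally:
        sock.close()

def audit(addr, ports=PORTS, **kwargs):
    """Probe each port; return (per-port results, sorted list of open ports)."""
    results = {port: probe(addr, port, **kwargs) for port in ports}
    return results, sorted(p for p, r in results.items() if r == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_wan6.py <router WAN IPv6 address>")
    results, exposed = audit(sys.argv[1])
    for port, state in results.items():
        print(f"tcp/{port} over IPv6: {state}")
    sys.exit(1 if exposed else 0)
```

A result of "untested" means the machine running the check has no IPv6 route, so it says nothing about the router.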

Stay safe, everyone!

