Nasty unpatched vulnerability exposes Netgear routers to easy hacking

Nasty unpatched vulnerability exposes Netgear routers to easy hacking:

Leave a comment

Dec 12, 2016 7:17 AM PT

Advisory Report:

The flaw allows hackers to execute arbitrary shell commands on affected devices.

The issue stems from improper input sanitization in a form in the router’s web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device.

Since the vulnerability can be exploited with an HTTP request that doesn’t require authentication, hackers can attack the affected routers using cross-site request forgery attacks (CSRF). This works even when the routers don’t have their management interfaces exposed to the Internet.

CSRF attacks hijack users’ browsers when visiting specifically crafted webpages and send unauthorized requests through them. This makes it possible for a malicious website to force a user’s browser to exploit the router over the LAN.

Effected OS, Versions and Applications:

Netgear routers

Verification details:

Users can check if their models are affected by accessing the following URL in a browser when connected to their local area network (LAN): http://[router_ip_address]/cgi-bin/;uname$IFS-a . If this shows any information other than a error or a blank page, the router is likely affected.

Remediation

CERT/CC recommends that users stop using the affected routers until an official patch becomes available, if they can do so. However, there is a workaround that involves exploiting the flaw to stop the router’s web server and prevent future attacks. This can be done with the following command: http://[router_IP_address]/cgi-bin/;killall$IFS’httpd’

In order to protect themselves from CSRF attacks against routers in general, users should change their router’s default IP address. Most of the time, routers will be assigned the first address in a predefined netblock, for example 192.168.0.1, and these are the addresses that hackers will try to attack via CSRF.

Routers have become an attractive target for hackers in recent years as they can be used to spy on user traffic and launch other attacks. Most commonly they are infected with malware and used in distributed denial-of-service (DDoS) campaigns.

References:

http://www.pcworld.com/article/3149554/security/an-unpatched-vulnerability-exposes-netgear-routers-to-hacking.html

© Copyright 2024 Agni Information Systems (P) Ltd.

Top