Authentication bypass flaw mitigated thanks to Microsoft researchers
Firmware vulnerabilities in a commercial-grade Netgear router opened the door to a range of exploits, including identity theft and full system compromise.
The recently resolved flaws in Netgear DGN-2200v1 routers were discovered by security researchers at Microsoft during product development for some endpoint protection software.
The three critical security issues identified (with CVSS scores ranging from: 7.1 to 9.4) were each resolved by Netgear. The issue is restricted to a specific Netgear router model, specifically one best suited to small enterprises.
Netgear DGN2200v1 routers running firmware versions prior to v18.104.22.168 are vulnerable and need to be upgraded to the latest build, as explained in a security advisory from the networking kit manufacturer.
Microsoft offers more detail on these flaws in a security blog post.
The three flaws present an accessing router management pages using authentication bypass risk, the possibility of deriving saved router credentials via a cryptographic side-channel and a flaw that made it possible to retrieve secrets stored in the device thanks to use of default cryptographic key, respectively.
The Daily Swig asked Microsoft to comment on its research but the software giant declined our offer to comment.
RECOMMENDED Latest web hacking tools – Q3 2021