Update now! NetGear routers’ default configuration allows remote attacks

NetGear has made a hotfix available for its Nighthawk routers after researchers found a network misconfiguration in the firmware allowed unrestricted communication with the internet facing ports of the device listening through IPv6.

No auto-update

The hotfix is available for the model RAX30, also known as the Nighthawk AX5 5-Stream AX2400 WiFi 6 Router.

NetGear nighthawk RAX30

The NetGear Nighthawk RAX 30 (image courtesy of NetGear)

To update your router’s firmware, follow the instructions in your router’s user manual, which can be found online.

Important to note is that having the “check for updates” or even the auto-update options enabled is not sufficient to get this hotfix. It needs to be downloaded manually and applied following the instructions.

What other security vulnerabilities were fixed in this hotfix or in the newer 1.0.9.92 hotfix, which also addresses security vulnerabilities, is unknown at this point.

Popular

The researchers found the bug while looking to enter Pwn2Own Toronto. The NetGear Nighthawk RAX30 is a popular model for home users and small businesses, which is one of the reasons why it was selected as a target for the Pwn2Own contest. Contestants set out to find previously unknown vulnerabilities in widely used software and mobile devices.

NetGear frustrated a lot of participants by issuing the 1.0.9.90 hotfix one day before the registration deadline for Pwn2Own. The patch invalidated the submission of this vulnerability and, it seems, some others as well.

The vulnerability

The vulnerability found by the researchers and patched just before the deadline, allowed unrestricted communication with any services listening via IPv6 on the WAN (internet facing) port of the device, including SSH and Telnet operating on ports 22 and 23 respectively.

Telnet is an application protocol used on the internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

Secure Shell (SSH) is a network communication protocol that enables two computers to communicate and share data.

Although the researchers shared no further details  about their attack chain that was crippled by the patch, having telnet and SSH available makes it very likely they could have reconfigured the router, stolen data, or at least put it out of service.

Stay safe, everyone!


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/

Leave a Reply