12.5 C
New York
Saturday, December 19, 2020
Home News Your Netgear router may expose your password if you don't update its...

Your Netgear router may expose your password if you don’t update its firmware

Why it matters to you

Another vulnerability identified in Netgear routers serves as a reminder to make sure the firmware is updated on all of your internet-connected devices.

The security of internet infrastructure devices like routers and wireless access points, along with all kinds of devices that connect through them, has been of particular concern lately. Recent distributed denial of service (DDoS) attacks have originated in Internet of Things (IoT) devices, for example, and a slowdown in such issues doesn’t seem imminent.

Although Netgear recently released firmware updates to resolve a malicious link exploit in its line of internet routers, yet another issue remains to be tackled. This time around, it’s a vulnerability that can expose the administrator password in certain Netgear routers, as Tom’s Hardware reports.

More: It may be time to turn off your router: Netgear confirms security vulnerability

According to security firm Trustwave, Netgear routers have actually suffered from a couple of security vulnerabilities since April 2016. Although Netgear was contacted by Trustwave on a number of occasions during the ensuing nine months, Netgear didn’t provide a direct response although it did eventually issue a security bulletin covering the issue.

As researcher Simon Kenin indicated on the Trustwave blog Monday, the vulnerability is simple enough that even someone with limited programming skills can exploit it. Kenin describes the bugs as such: “After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is   a totally new bug that I haven’t seen anywhere else. When I tested both bugs on different Netgear models, I found that my second bug works on a much wider range of models.”

The two bugs require either physical access to a router or remote access to be turned on. According to Trustwave’s analysis, at least 10,000, and likely hundreds of thousands or even millions of devices, are potentially vulnerable. For Netgear’s part, the company did issue an advisory in June 2016, along with a workaround for the issue, and has since released firmware updates to resolve it.

The bottom line, as usual, is to at least ensure that your router is fully updated with the latest firmware and that you have turned off all features — such as remote access capability — that could open your network up for attack. Conducting research on which internet-connected devices are considered secure should also be added to the list of specifications when making a purchase.

Latest

Cyberpunk 2077 is stuck at 1080p for some Stadia users due to “high usage”

So many people are playing Cyberpunk 2077 on Google Stadia some users are unable to access 4K quality streams.What you

Bosch wants to take fitness trackers to the next level with its new AI chip

Bosch's new AI chip can automatically detect your workout and even learn new ones.What you need to knowBosch has launched

Microsoft is designing its own ARM-based processor for Surface and cloud servers

Microsoft is working on an in-house processor with ARM-based designs. It could not only be used to power data centers, but also the Surface line of computers.

Samsung Galaxy S21 prices leak and it’s both good and bad

Do you want the good news or the bad news first?What you need to knowLeaked prices for the upcoming Galaxy