«
»

Yet Another Security Flaw Found In Netgear Routers

Seriously, what is up with Netgear these days?

After having some serious security flaws pop up last year, comes this latest one found by researcher Simon Kenin of Trustwave. According to this post, he found that by triggering an error message, the router can be tricked into handing over a numerical code that can then be used with the password recovery tool to retrieve the router’s administrator credentials. But what is worse is that Kenin also discovered that in many cases, the numerical code is not even necessary, and that random strings sent directly to the password recovery script would still cause the login information to be displayed. From there, it’s a trivial task to pwn the router. There are 31 different Netgear router models that are affected by this flaw and Netgear advises that you update your firmware right now.

Charming.

You really have to wonder if Netgear takes the security of its products seriously. I get that any vendor can have security issues with their products. But the scale that Netgear seems to have these sorts of issues seems really high to me.

This entry was posted on January 31, 2017 at 9:44 am and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Yet Another Security Flaw Found In Netgear Routers”

  1. Why Netgear Doesn’t Deserve Another Chance To Get Your Hard Earned Money | The IT Nerd Says:
    June 23, 2020 at 8:35 am

    […] not long after that flaw, yet another security flaw was found in Netgear routers that could allow a miscreant to get the admin password from a […]

    Reply

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading