The IT Nerd

If you own a Netgear router, you might want to pay attention to this. A number of them have a vulnerability that can be exploited by hackers to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device. This was discovered by systems/network engineer Peter Adkins. He’s also got a proof of concept attack out there as well. That’s not good.

The affected routers are:

• Netgear WNDR3700v4 – V1.0.0.4SH
• Netgear WNDR3700v4 – V1.0.1.52
• Netgear WNR2200 – V1.0.1.88
• Netgear WNR2500 – V1.0.0.24.

What’s even scarier is this from Adkins:

“In the absence of a known security contact these issues were reported to Netgear support. The initial response from Netgear support was that despite these issues ‘the network should still stay secure’ due to a number of built-in security features,” says Adkins. 

“Attempts to clarify the nature of this vulnerability with support were unsuccessful. This ticket has since been auto-closed while waiting for a follow up. A subsequent email sent to the Netgear ‘OpenSource’ contact has also gone unanswered.”

That means that there may or may not be a fix for this. Until Netgear comments on this, you are at risk if you have one of these routers. Time for Netgear to step up and protect their users.

This entry was posted on February 17, 2015 at 9:48 pm and is filed under Commentary with tags Netgear, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.