Yet Another Security Flaw Found In Netgear Routers

Seriously, what is up with Netgear these days?

After having some serious security flaws pop up last year, comes this latest one found by researcher Simon Kenin of Trustwave. According to this post, he found that by triggering an error message, the router can be tricked into handing over a numerical code that can then be used with the password recovery tool to retrieve the router’s administrator credentials. But what is worse is that Kenin also discovered that in many cases, the numerical code is not even necessary, and that random strings sent directly to the password recovery script would still cause the login information to be displayed. From there, it’s a trivial task to pwn the router. There are 31 different Netgear router models that are affected by this flaw and Netgear advises that you update your firmware right now.

Charming.

You really have to wonder if Netgear takes the security of its products seriously. I get that any vendor can have security issues with their products. But the scale that Netgear seems to have these sorts of issues seems really high to me.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: