GRIMM Private Vulnerability Disclosure Program Reveals Netgear SOHO Devices Vulnerability

GRIMM today announced they performed dedicated vulnerability research against a series of Netgear SOHO devices and discovered a vulnerability that allows remote code execution (RCE) as root. This research stems from GRIMM’s Private Vulnerability Disclosure (PVD) Program where research targets are selected based on extensive threat modeling and our team’s deep background in reverse engineering and vulnerability research.

To mitigate the risk of similar vulnerabilities, GRIMM recommends the use of virtual private network (VPN) clients that encrypt all traffic before it passes through a network device. Additionally, reducing the number of services running on your router is another mitigation strategy for those with direct access to their routers.

This vulnerability is significant because the routers impacted are Small Offices/Home Offices (SOHO) devices. These devices aren’t frequently found inside enterprise networks, and thus security issues within them may be overlooked. However, with the increase in remote work due to COVID-19 precautions, many organizations now have a greater number of their employees connecting to internal networks through their own, personal SOHO devices. In these cases, SOHO device vulnerabilities provide a potential vector through which remote attackers can gain access to the data sent in and out of corporate networks.

The security research is done entirely by GRIMM’s internal PVD team. The GRIMM PVD team has decades of experience in the most sensitive environments. Because GRIMM has a strong commitment to partnership, the PVD program welcomes requests to look into specific software or hardware. GRIMM is able to offer this service to a limited, trusted clientele to ensure that the program is used appropriately while the team works with the vendors for patches.

Leave a Reply

%d bloggers like this: