If you have a NETGEAR router or cable modem, you’re going to want to check the model number and update the firmware if you haven’t recently done so. Trustwave discovered, and NETGEAR verified, that certain models of NETGEAR routers are at risk of having web login passwords exposed using a password recovery exploit via the remote management feature.
UPDATE (02/01/2017): NETGEAR has provided us with this official statement, which reaffirms the need for those affected to update their routers with the fixed firmware.
NETGEAR is aware of the vulnerability (CVE-2017-5521), that has been recently publicized by TrustWave. This is not a new or recent development. We have been working with the security analysts to evaluate the vulnerability. NETGEAR has published a knowledge base article from our support page, which lists the affected routers and the available firmware fix.
Firmware fixes are currently available for the majority of the affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for the model and visit the firmware release page for further instructions. For devices that are still pending final firmware updates, please follow the advised workaround.
Please note that this vulnerability occurs when an attacker can gain access to the internal network or when remote management is enabled on the router. Remote management is turned off by default, although remote management can be turned on through the advanced settings.
NETGEAR does appreciate and value having security concerns brought to our attention. We constantly monitor for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR’s mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
The security issue in question allows an attacker to bypass authentication on an affected NETGEAR router, which gives them full access to the device, and thus your network. The exploit can be carried out when the attacker has access to the internal network or when the router has remote management enabled. According to Trustwave, their research found more than ten thousand devices that had remote management enabled, and they hypothesized that the number of affected devices is in the hundreds of thousands, if not more than a million.
NETGEAR has released a firmware update for many device models. If your router is one of the following models, NETGEAR urges you to update your firmware immediately:
A fix has also been released for the NETGEAR C6300 cable modem router. There are a number of other devices that are affected but don’t have a firmware fix. For these models (listed below), NETGEAR recommends that you manually enable the password recovery feature and ensure that remote management is disabled (which it is by default) on your device. Affected devices without a fix include:
Router Model and Firmware Version:
- R6200 v18.104.22.168_1.0.43
- R6300 v22.214.171.124_1.0.58
- VEGN2610 v126.96.36.199_1.0.12
- AC1450 v188.8.131.52_10.0.16
- WNR1000v3 v184.108.40.206_60.0.93
- WNDR3700v3 v220.127.116.11_1.0.31
- WNDR4000 v18.104.22.168_9.1.86
- WNDR4500 v22.214.171.124_1.0.68
DSL Gateway Model and Firmware Version:
- D6300 v126.96.36.199
- D6300B v188.8.131.52
- DGN2200Bv4 v184.108.40.206
- DGN2200v4 v220.127.116.11
NETGEAR also noted that their V6510 device is unaffected by this exploit.
Do you have a NETGEAR router? Are you affected by this password recovery exploit? Let us know in the comments below or on Google+, Twitter, or Facebook.

Source: Trustwave
Source: Netgear