Your Netgear router may expose your password if you don't update its firmware

The security of internet infrastructure devices like routers and wireless access points, along with all kinds of devices that connect through them, has been of particular concern lately. Recent distributed denial of service (DDoS) attacks have originated in Internet of Things (IoT) devices, for example, and a slowdown in such issues doesn’t seem imminent.
Although Netgear recently released firmware updates to resolve a malicious link exploit in its line of internet routers, yet another issue remains to be tackled. This time around, it’s a vulnerability that can expose the administrator password in certain Netgear routers, as Tom’s Hardware reports.
According to security firm Trustwave, Netgear routers have actually suffered from a couple of security vulnerabilities since April 2016. Although Netgear was contacted by Trustwave on a number of occasions during the ensuing nine months, Netgear didn’t provide a direct response although it did eventually issue a security bulletin covering the issue.
As researcher Simon Kenin indicated on the Trustwave blog Monday, the vulnerability is simple enough that even someone with limited programming skills can exploit it. Kenin describes the bugs as such: “After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is   a totally new bug that I haven’t seen anywhere else. When I tested both bugs on different Netgear models, I found that my second bug works on a much wider range of models.”
The two bugs require either physical access to a router or remote access to be turned on. According to Trustwave’s analysis, at least 10,000, and likely hundreds of thousands or even millions of devices, are potentially vulnerable. For Netgear’s part, the company did issue an advisory in June 2016, along with a workaround for the issue, and has since released firmware updates to resolve it.
The bottom line, as usual, is to at least ensure that your router is fully updated with the latest firmware and that you have turned off all features — such as remote access capability — that could open your network up for attack. Conducting research on which internet-connected devices are considered secure should also be added to the list of specifications when making a purchase.

Comments

  1. Unknown2 May 2018 at 04:03

    Your blog was really helpful to us and you give me such a nice information about Netgear. For any kind of support for Netgear Call 0800-090-3220 Netgear Customer Service Number UK

    ReplyDelete

Post a Comment

Popular posts from this blog

Linktree’s free workaround lets you add multiple links to your Instagram bio

Image
Instagram only gives you one opportunity to link to outside resources inside its photo sharing platform. This might not be a problem for a majority of the users, but for those wanting a little more customization and even more options, it leaves much to be desired. Enter  Linktree , a free tool for Instagram designed to improve traffic to your outside link, be it a blog, portfolio, or store. How it works is fairly straightforward. After connecting Linktree to your Instagram profile, you’ll receive a single link to place in your Instagram bio. Once that link in place, you can customize what it’s linked to within your browser, be it a single website, or a collection of sites you’re looking to direct followers to Say you’re a photographer who’s using Instagram as a marketing tool for your wedding photography. Using Linktree, you can direct Instagram followers to your blog, your portfolio site, and even your other social media accounts. Until now, you would’ve been stuck choosing b
Read more

EVERYTHING WE KNOW ABOUT THE PIXEL 4, THE MOST-LEAKED PHONE EVER

Image
Google’s  Pixel 3 might have been the  most-leaked phone in history . Long before its unveiling, we knew practically everything about it from unboxing videos, photo comparisons, even a full review of the device. Surely, for the Pixel 4, Google would clamp down on leaks to leave some surprises for its debut on  October 15th , right? Let’s just say, if that was the plan, it didn’t exactly work out. We’ve now seen the Pixel 4 XL from every angle and in three different colors. At least seven different sources have touched this phone, many of them confirming the same specs. We not only know which cameras it’ll have, but also what they may be capable of, including air gestures (go figure). That doesn’t even count information Google has already shared  on purpose. So if you want to know almost everything about the Pixel 4 nearly a month before it’s announced, buckle up. We’ve sifted through all of the rumors and information we can find to compile everything we know — and everything we
Read more

Our favorite iOS apps for the iPhone and iPad in 2018

Image
As 2018 comes to a close, it’s time to look at some our favorite apps of the year. While not all of these are brand new, many of them popped up onto our radar for the first time in 2018, and are definitely worth the attention. Others are some of our favorites that are still best-in-class despite having been around for some time now. We aim to do things differently at TNW, and as such you’re not going to find the recommendations you’re probably used to seeing: Gmail, Skype, Dropbox, and the like. Instead, we want to focus on the best-of-the-best that you may not have heard of, and others that are just special enough to warrant a mention. As always, we’d encourage you to share some of your favorites in the comments below, or on Facebook. Enlight Pixaloop (Free Pixaloop  is one of my favorite apps on the market. Unlike typical image editors that allow you to remove red eye or apply a filter, Pixaloop allows you to create stunning photo animations with a few clicks on your
Read more