Netgear exploit found in 31 models lets hackers turn your router into a botnet



You might want to upgrade the firmware of your router if it happens to sport the Netgear brand. Researchers have discovered a severe security hole that potentially puts hundreds of thousands of Netgear devices at risk.

Disclosed by cybersecurity firm Trustwave, the vulnerability essentially allows attackers to exploit the router’s password recovery system to bypass authentication and hijack admin credentials, giving them full access to the device and its settings.

What is particularly alarming is that the bug affects at least 31 different Netgear models, with the total magnitude of the vulnerability potentially leaving over a million users open to attacks.

Even more unsettling is the fact that affected devices could in certain cases be breached remotely. As Trustwave researcher Simon Kenin explains, any router that has the remote management option switched on is ultimately vulnerable to hacks.

While the remote management feature is disabled by default in most devices, the firm has found more than 10 thousand affected routers, but the actual number could be “over a million.”

Kenin further warns that anyone with physical access to faulty Netgear routers can abuse their defensive mechanisms to obtain access to the device, including the ability to turn routers into botnets.

“The vulnerability can be used by a remote attacker if remote administration is set to be internet facing. By default this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally,” the researcher said. “This would include public wifi spaces like cafés and libraries using vulnerable equipment.”

Trustwave has since reported the hole to the National Vulenrability Database. Netgear has also confirmed the flaw in a post on its website, releasing a full list of the affected models:

  • R8500
  • R8300
  • R7000
  • R6400
  • R7300DST
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250
  • R6700
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2
  • D6220
  • D6400
  • C6300 (firmware released to ISPs)

In case you own one of the listed routers, you’re strongly advised to upgrade the firmware of your device in order to avoid risking getting hacked. Netgear has already posted the updated firmware on its website.

This vulnerability marks a second blunder for the popular router-maker in a window of less than two months.

Back in December, the US Computer Emergency Readiness Team warned users against using Netgear R7000 and R6400 routers after discovering another high-profile flaw in the devices.


CVE-2017-5521: Bypassing Authentication on NETGEAR Routers
on Trustwave