A vulnerability in Netgear routers and modems could potentially allow hackers to gain full control of affected devices, according to a new report.
The exploit could allow attackers to bypass authentication via a device’s password recovery system. This, in turn, could allow them to gain full administrative access to the router or modem and its settings, according to Simon Kenin, a Trustwave security researcher who first discovered the exploit. Worryingly, the security hole could affect hundreds of thousands, if not over a million devices, Kenin wrote in a Jan. 30 blog post. Trustwave has since reported the exploit to the U.S. National Vulnerability Database.
Luckily, the exploit can only be done remotely if a certain remote administration setting is turned on — and it’s normally off by default, Kenin said. Still, attackers with physical access to a network running on a vulnerable router — such as public Wi-Fi networks in coffee shops, libraries and businesses — can use the security hole.
What’s worrisome about the security hole, Kenin writes, is that attackers could potentially use exploited devices as botnets to initiate large-scale hacking, like the October 2016 DDoS attacks. In that case, hackers used affected webcams and DVRs with easy-to-guess default passwords to create an “army” of resources that they used to cause widespread internet disruptions.
Netgear is aware of the exploit, and has already released an updated firmware patch on its website that closes the security hole. In addition, the company has posted a list of affected devices. If your model appears on Netgear’s list, it’s strongly recommended that you update your firmware.
Additionally, Netgear released a list of routers and DSL gateways running on certain firmware versions that do not have an available fix. For owners of these devices, Netgear recommends that users manually enable password recovery features and disable remote management. Those devices include:
- R6200 on v220.127.116.11_1.0.43
- R6300 on v18.104.22.168_1.0.58
- VEGN2610 on v22.214.171.124_1.0.12
- AC1450 on v126.96.36.199_10.0.16
- WNR1000v3 on v188.8.131.52_60.0.93
- WNDR3700v3 on v184.108.40.206_1.0.31
- WNDR4000 on v220.127.116.11_9.1.86
- WNDR4500 on v18.104.22.168_1.0.68
- D6300 on v22.214.171.124
- D6300B on v126.96.36.199
- DGN2200Bv4 on v188.8.131.52
- DGN2200v4 on v184.108.40.206