NETGEAR Router Vulnerability Allowed Access to Restricted Services

According to Tenable research, NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event.
NETGEAR Router Vulnerability Allowed Access to Restricted Services

A new report from Tenable, a Columbia, Maryland-based cybersecurity firm, outlined an emerging threat related to NETGEAR and TP-Link routers.

According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event. For your information, Pwn2Own is a computer hacking competition held yearly at the CanSecWest security conference since 2007.

NETGEAR Router Vulnerability Allowed Access to Restricted Services
Last Minute Patch Issued by TP-Link

According to researchers, the NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400 series) was to be included in the bug-finding contest at Pwn2Own. Just one day before the deadline for registering for the contest, the company identified a flaw that invalidated their submission and had to issue a patch urgently.

What was the Issue?

According to a blog post published by cybersecurity experts at Tenable, network misconfiguration was identified in NETGEAR Nighthawk router versions released before 1.0.9.90. These devices, by default, feature IPv6 for the WAN interface.

The problem is that firewall restrictions in place to determine IPv4 traffic’s access restrictions don’t work on the IPv6 WAN interface. That’s why anyone gaining random access to a service running on the device can listen to IPv6 inadvertently.

For instance, by default, Telnet servers and SSH spawned on Ports 22 and 2. An adversary can exploit this misconfiguration to interact with services accessible only by local network clients.

Threat Mitigation Response

Tenable discovered the patch for a flaw pending disclosure on 1st December 2022, and the next day it reached out to the vendor for its CVE identifier.

Those using the affected NETGEAR Nighthawk routers should apply the recently released patch, which can be found here.

It must be noted that the auto-update and Check for Updates features of the affected router don’t detect this patch at the moment, so you have to apply it manually.

  1. 415,000 routers infected by cryptomining malware
  2. How To Keep Your Router And WiFi Safe From Hackers
  3. D-Link home routers plagued with critical vulnerabilities
  4. Security flaws turn Netgear Routers into army of botnets
  5. Netgear Gaming Router Offers Protection Against DDoS Attacks
Total
0
Shares
Related Posts