A new report from Tenable, a Columbia, Maryland-based cybersecurity firm, outlined an emerging threat related to NETGEAR and TP-Link routers.
According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event. For your information, Pwn2Own is a computer hacking competition held yearly at the CanSecWest security conference since 2007.
According to researchers, the NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400 series) was to be included in the bug-finding contest at Pwn2Own. Just one day before the deadline for registering for the contest, the company identified a flaw that invalidated their submission and had to issue a patch urgently.
What was the Issue?
According to a blog post published by cybersecurity experts at Tenable, network misconfiguration was identified in NETGEAR Nighthawk router versions released before 1.0.9.90. These devices, by default, feature IPv6 for the WAN interface.
The problem is that firewall restrictions in place to determine IPv4 traffic’s access restrictions don’t work on the IPv6 WAN interface. That’s why anyone gaining random access to a service running on the device can listen to IPv6 inadvertently.
For instance, by default, Telnet servers and SSH spawned on Ports 22 and 2. An adversary can exploit this misconfiguration to interact with services accessible only by local network clients.
Threat Mitigation Response
Tenable discovered the patch for a flaw pending disclosure on 1st December 2022, and the next day it reached out to the vendor for its CVE identifier.
Those using the affected NETGEAR Nighthawk routers should apply the recently released patch, which can be found here.
It must be noted that the auto-update and Check for Updates features of the affected router don’t detect this patch at the moment, so you have to apply it manually.