Netgear routers vulnerable to attack

Several popular wireless routers made by Netgear are susceptible to attacks using a recently-discovered vulnerability in their firmware.

From the original report, posted by Peter Adkins on the Full Disclosure mailing list:

Platforms / Firmware confirmed affected:
—-
NetGear WNDR3700v4 – V1.0.0.4SH
NetGear WNDR3700v4 – V1.0.1.52
NetGear WNR2200 – V1.0.1.88
NetGear WNR2500 – V1.0.0.24

Additional platforms believed to be affected:
—-
NetGear WNDR3800
NetGear WNDRMAC
NetGear WPN824N
NetGear WNDR4700

Anyone using one of these routers should immediately confirm that its web interface is NOT enabled for access from the WAN/Internet. If possible, it should also be configured to restrict access to the admin interface to specific IP addresses on the LAN.

A CVE number has not yet been assigned to this vulnerability. Hopefully Netgear will release firmware updates to address this flaw in the near future.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

Your email address will not be published. Required fields are marked *