Netgear Home Routers Vulnerability

Over one million Netgear customers are being warned about a vulnerability.   The new vulnerability can give hackers complete control over home based routers.  Simon Kenin, Trustwave security researcher discovered the vulnerability at his own home.  One night, after trying to remotely circumvent authentication on his home router, the router froze and needed rebooting.  As a result, the vulnerability was discovered.   The vulnerabilities have been assigned CVE-2017-5521 and TWSL2017-003.

Kenin explains that the vulnerability is critical since it can be used by a remote attacker when remote administration is set to be internet facing.   Consequently, public WiFi spaces like local malls, cafes, and libraries are affected.  Much as anyone who has access to a network with a vulnerable router can exploit it.  Therefore, the researcher recommends all Netgear equipment users to review and follow instructions in the Knowledge Base Article to test if you are vulnerable.  If you discover you are, follow steps on how to apply patched firmware.

 

 

Resource: https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2017-5521–Bypassing-Authentication-on-NETGEAR-Routers/