rahul1117kumar
Contributor
- Joined
- 21 Jun 2013
- Messages
- 10,365
- Reaction score
- 11,057
Netgear has issued firmware updates for several of its router models in response to a vulnerability, which was exposed by a cyber-security firm, on its devices that could reportedly be used by hackers to get full access to the device by recovering the admin password. Netgear has acknowledged that the vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router. The firmware updates follow a warning by US-CERT in December that along with Netgear identified three vulnerable routers made by the company.
Trustwave, the firm which disclosed the flaw, has claimed that the vulnerability is present on more than 10,000 devices that are remotely accessible. "The real number of affected devices is probably in the hundreds of thousands, if not over a million," Trustwave researcher Simon Kenin said in his blog post. In total, 31 models have been listed as vulnerable to the disclosed flaw and Netgear has issued a patch for 18. Two of the models that were previously listed as vulnerable are listed as non-vulnerable now, Kenin points out. The flaw allows attackers to access Web GUI login passwords while password recovery is disabled.
Even though the remote management feature is turned off by default on devices, it can be turned on through advanced settings by users, Netgear said in its post. The firmware fix has been made available by the company for the following models:
R8500
R8300
R7000
R6400
R7300DST
R7100LG
R6300v2
WNDR3400v3
WNR3500Lv2
R6250
R6700
R6900
R8000
R7900
WNDR4500v2
R6200v2
WNDR3400v2
D6220
D6400
Netgear has also released firmware fix for the Web password recovery vulnerability for model V6510. The company has also issued a workaround measure for those devices that are vulnerable but have not received the firmware fix as of now. The gist of the workaround is to manually enable password recovery feature and ensure that remote management is disabled.
Netgear Router Passwords Vulnerable to Hack, Firmware Fix Issued for Most Affected Models | NDTV Gadgets360.com
Trustwave, the firm which disclosed the flaw, has claimed that the vulnerability is present on more than 10,000 devices that are remotely accessible. "The real number of affected devices is probably in the hundreds of thousands, if not over a million," Trustwave researcher Simon Kenin said in his blog post. In total, 31 models have been listed as vulnerable to the disclosed flaw and Netgear has issued a patch for 18. Two of the models that were previously listed as vulnerable are listed as non-vulnerable now, Kenin points out. The flaw allows attackers to access Web GUI login passwords while password recovery is disabled.
Even though the remote management feature is turned off by default on devices, it can be turned on through advanced settings by users, Netgear said in its post. The firmware fix has been made available by the company for the following models:
R8500
R8300
R7000
R6400
R7300DST
R7100LG
R6300v2
WNDR3400v3
WNR3500Lv2
R6250
R6700
R6900
R8000
R7900
WNDR4500v2
R6200v2
WNDR3400v2
D6220
D6400
Netgear has also released firmware fix for the Web password recovery vulnerability for model V6510. The company has also issued a workaround measure for those devices that are vulnerable but have not received the firmware fix as of now. The gist of the workaround is to manually enable password recovery feature and ensure that remote management is disabled.
Netgear Router Passwords Vulnerable to Hack, Firmware Fix Issued for Most Affected Models | NDTV Gadgets360.com
