Netgear Routers Leaking Passwords
-
A flaw in Netgear wireless routers allows attackers to bypass administrator authentication and potentially gain full access to the devices, a researcher has discovered.
From what I can tell, it's just over WiFi... I hope that there is a firmware update but I doubt it:
Adkins said he notified Netgear about the router takeover flaw, but was told by the vendor's support department that "the network should still stay secure", thanks to a number of unspecified built-in security features.
Article Link: http://www.itnews.com.au/News/400605,netgear-routers-leak-admin-passwords.aspx?eid=1&edate=20150218&utm_source=20150218_AM&utm_medium=newsletter&utm_campaign=daily_newsletter
The Information Disclosure uploaded by the researcher: https://github.com/darkarnium/secpub/blob/master/NetGear/SOAPWNDR/README.md
-
Should stay secure? Should and will in this context make a whole lot of difference.
-
@nadnerB said:
Adkins said he notified Netgear about the router takeover flaw, but was told by the vendor's support department that "the network should still stay secure", thanks to a number of unspecified built-in security features.
bullshit.
-
Some of the software on these routers is atrocious. I don't just mean the awful grammar and spelling in the ASUS router I bought, but I wouldn't be surprised at all if password checking was just something like:
// Runs in the browser: the password and the "secure" URL are both visible in the page source.
var password = document.getElementById('password').value,
    correctPass = 'foobar';
if (password == correctPass)
    window.location.href = "/secure/index.html";
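For contrast with the client-side check sketched in the post above, here is the same login done on the server in Node.js. This is an added example, not code from the thread or from any router firmware; the function names, the in-memory session set and the sample passwords are assumptions made for illustration.

```javascript
// Added example: server-side password verification (all names are hypothetical).
const { randomBytes, scryptSync, timingSafeEqual } = require("crypto");

const KEY_LEN = 32; // bytes of scrypt output kept in the stored record

// Store only a salted scrypt hash; the plaintext never ships to the browser.
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, KEY_LEN);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Recompute the hash from the submitted password and compare in constant time.
function verifyPassword(password, record) {
  if (typeof password !== "string") return false;
  const expected = Buffer.from(record.hash, "hex");
  // Reject malformed records: an empty stored hash must never match anything.
  if (expected.length !== KEY_LEN) return false;
  const actual = scryptSync(password, Buffer.from(record.salt, "hex"), KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// In-memory session store, enough for the demonstration.
const sessions = new Set();

// A successful login yields an unguessable token instead of a redirect.
function login(password, record) {
  if (!verifyPassword(password, record)) return null;
  const token = randomBytes(32).toString("hex");
  sessions.add(token);
  return token;
}

// Every request to a protected path is checked on the server,
// so knowing the URL /secure/index.html is not enough to read it.
function handleRequest(path, token) {
  if (path.startsWith("/secure/") && !sessions.has(token)) return 401;
  return 200;
}
```
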