Cybersecurity researchers have disclosed critical security vulnerabilities that affect NETGEAR DGN2200v1 series routers, that can enable authentication bypass to take over devices and access stored credentials.
The three HTTPd authentication security weaknesses having CVSS scores of 7.1 – 9.4 affect the routers running firmware versions prior to v18.104.22.168, and was patched by the company in December 2020 as part of a coordinated vulnerability disclosure process.
Microsoft 365 Defender Research Team’s Jonathan Bar Or said that the increasing number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer. As these types of attacks have become common, the users must secure even the single-purpose software that run their hardware such as routers.
The vulnerabilities allow accessing router management pages using an authentication bypass that allows a threat actor to attain complete control over the router and also obtain saved router credentials via a cryptographic side-channel attack, and even recover the username and the password stored in the router’s memory by exploiting the configuration backup\restore feature.
The researchers also found that the credentials were encrypted using a constant key, which can be subsequently used to retrieve the plaintext password and the username.
All the NETGEAR DGN2200v1 users are recommended to download and update to the latest firmware to avoid any potential attacks.
Image Credits : Tom’s Guide