Netgear Router Exploit in the wild

Pierluigi Paganini October 10, 2015

A security researcher has discovered a serious vulnerability in Netgear routers that could be exploited by attackers to change the DNS settings.

Once again NetGear routers are in the headlines for a serious security issue: nearly 5000 devices are exposed to DNS monitoring.

The security researcher Joe Giron has discovered a serious vulnerability in Netgear routers that could be exploited by attackers to change the Domain Name System (DNS) settings of the targeted devices.

By changing the DNS settings, an attacker has several options: hijacking traffic for espionage, or redirecting victims to malicious domains that host exploit kits serving malware.

Giron disclosed his findings to the BBC. He noticed that someone hacked his router on September 28 and changed the Domain Name System (DNS) settings.

“Joe Giron told the BBC that he discovered altered admin settings on his personal router on 28 September. The compromised router was hacked to send web browsing data to a malicious internet address.” states the post published by the BBC.

The attacker changed the Domain Name System (DNS) settings to a suspicious IP address and was sending web browsing data to it.
“Normally I set mine to Google’s [IP address], and it was not that, it was something else,” Giron added. “For two or three days all my DNS traffic was being sent over to them.”

Giron reported the hack to Netgear. The company's response was not convincing: it admitted the existence of the flaw affecting its devices, but remarked that it “affects fewer than 5,000 devices.”

Giron and the other 5000 users have no choice: they have to turn off their NetGear routers, and this is what the researcher has done.

Jonathan Wu, senior director of product management at Netgear, confirmed that the flaw affecting the devices is very serious.

“Is it serious? Yes, it definitely is,” said Wu. “Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don’t want it to go to.”

However, in the “hack” of Giron’s NetGear router, he had not disabled the device's security setting, so how did the attacker access the network remotely?

According to security researchers Daniel Haake and Alexandre Herzog of Compass Security in Switzerland, the security flaw allows attackers to gain access to the router settings without needing to provide login credentials.

Mr Giron believes that the attackers gained remote access because his NetGear router settings had been configured to allow access from outside his network.

Netgear announced that a patch will be released by October 14 to solve the issue.

Pierluigi Paganini

(Security Affairs – NetGear router, hacking)


