Netgear routers (again) have several vulnerabilities in their firmware that can be used to take over devices without a password. However, firmware updates are available to close the vulnerabilities.
Martin Rakhmanov of Trustwave has found serious vulnerabilities in several Netgear products. Now that firmware updates are available, he has released details about these vulnerabilities.
Trivial error for taking over routers
Netgear routers have a web-based configuration interface that allows the device to be accessed from the Internet. However, this configuration interface contains a remote authentication bypass. This vulnerability allows malware or cybercriminals on the network to access and control the device’s configuration interface. On 17 router models, it is sufficient to insert the string &genie=1 into the URL to access the device’s configuration interface; access is then possible without any authentication. Netgear has released a Security Advisory with links to firmware updates.
More router vulnerabilities
Another 17 Netgear routers (some of which overlap with the above-mentioned devices) have a similar error. On these devices, the script genie_restoring.cgi is served by the router's built-in web server. It can be misused to extract files and passwords from the router's file system in flash memory. The script can even be used to pull files from USB sticks connected to the router. Netgear has also released a Security Advisory for this issue, with links to firmware updates.
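A detection sketch for the two indicators named above (the genie=1 parameter and the genie_restoring.cgi script), added here as an example; it is not code from the article, Trustwave or Netgear. It assumes requests to the router's web interface are recorded in combined access-log format by a proxy or network sensor; the log lines, page paths and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify(target):
    """Return which of the two indicators from the article a request target matches."""
    hits = []
    # Normalise percent-encoding and case before matching.
    decoded = unquote(target).lower()
    # The script is matched on the last path component only.
    path = unquote(urlsplit(target).path).lower()
    if path.rsplit("/", 1)[-1] == "genie_restoring.cgi":
        hits.append("genie_restoring.cgi")
    # Exact parameter token, so genie=10 or mygenie=1 do not match.
    if "genie=1" in re.split(r"[?&;]", decoded):
        hits.append("genie=1")
    return hits

def scan(lines):
    """Return (line number, source address, indicators) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not an HTTP request line in the assumed format
        hits = classify(match["target"])
        if hits:
            findings.append((number, match["src"], hits))
    return findings

# Constructed sample log (documentation address ranges, placeholder page names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /page.htm HTTP/1.1" 401 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /page.htm?a=b&genie=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /genie_restoring.cgi HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] "GET /page.htm?a=b&%67enie=1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /help.htm?genie=10 HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for number, src, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {src} matched {', '.join(hits)}")
```

Any hit on a device that has not yet received the firmware update is a reason to review its configuration and change its credentials after patching.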
Other router models have less serious vulnerabilities that only need to be fixed in the event of a problem. For example, after the Wi-Fi Protected Setup button is pressed, six of Netgear's routers open a two-minute window in which an attacker can potentially execute arbitrary code on the router as root over the air. Netgear’s Security Advisory names the affected firmware versions and also provides a link to the latest firmware for the devices.