Researcher Discovers Netgear Authentication Flaw Impacting Thousands of Devices

By Marcos Colon

By fuzzing the web interface of his Netgear router, Trustwave security expert Simon Kenin came across code (unauth.cgi) that was previously associated with two exploits linked to unauthenticated password disclosure flaws, according to a report by CSO’s Salted Hash.

By leveraging the vulnerability, the attacker can ultimately retrieve a victim’s credentials tied to the affected Netgear device. After running tests, Kenin found the vulnerability to work on a broad range of Netgear products.

“The vulnerability can be used by a remote attacker if remote administration is set to be internet facing,” Kenin wrote in a recent blog post. “Be default this is not turned on. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public wifi space like cafés and libraries using vulnerable equipment.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.