Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers
2021-06-30 23:05

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access.

The three HTTPd authentication security weaknesses impact routers running firmware versions prior to v1.0.0.60 and were fixed by the company in December 2020 as part of a coordinated vulnerability disclosure process.

"The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer," Microsoft 365 Defender Research Team's Jonathan Bar Or said.

"As these types of attacks become more common, users must look to secure even the single-purpose software that runs their hardware, like routers."

"The libc implementation of strcmp works by comparing character-by-character until a NUL terminator is observed or until a mismatch happens. An attacker could take advantage of the latter by measuring the time it takes to get a failure."
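The following C sketch is an added illustration, not code from the article, Microsoft's write-up or the router firmware. It contrasts an early-exit comparison of the kind the quote describes with a constant-time comparison whose work does not depend on where the inputs differ; the sample strings are constructed, and the step counter is an assumed stand-in for measured time.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of a comparison plus the number of byte pairs examined, which is a
 * deterministic stand-in for the elapsed time an observer would measure. */
struct cmp_result { int equal; size_t steps; };

/* Early-exit comparison in the style of strcmp: stops at the first mismatch. */
static struct cmp_result early_exit_cmp(const char *a, const char *b)
{
    struct cmp_result r = { 0, 0 };
    for (size_t i = 0;; i++) {
        r.steps = i + 1;
        if (a[i] != b[i])
            return r;              /* mismatch: work done reveals its position */
        if (a[i] == '\0') {
            r.equal = 1;           /* both strings ended together */
            return r;
        }
    }
}

/* Constant-time comparison for fixed-length values (e.g. digests of the
 * secrets): every byte is visited and differences are OR-ed together, so the
 * work done does not depend on where the first mismatch is. */
static struct cmp_result ct_cmp(const unsigned char *a, const unsigned char *b,
                                size_t len)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    struct cmp_result r = { diff == 0, len };
    return r;
}

int main(void)
{
    /* Constructed sample values, not taken from any device or firmware. */
    const char *stored = "S3cr3tPw";
    const char *inputs[] = { "AAAAAAAA", "S3crAAAA", "S3cr3tPw" };
    for (size_t g = 0; g < 3; g++) {
        struct cmp_result e = early_exit_cmp(stored, inputs[g]);
        struct cmp_result c = ct_cmp((const unsigned char *)stored,
                                     (const unsigned char *)inputs[g], 8);
        printf("%s early-exit eq=%d steps=%zu | constant-time eq=%d steps=%zu\n",
               inputs[g], e.equal, e.steps, c.equal, c.steps);
    }
    return 0;
}
```

The early-exit step count grows with the length of the matching prefix, while the constant-time count stays at the fixed length for every input, which is the property a credential check needs.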

NETGEAR DGN2200v1 users are recommended to download and update to the latest firmware to fend off any potential attacks.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/4qWPy1Hqahc/microsoft-discloses-critical-bugs.html
