Security News > 2021 > July > Netgear Authentication Bypass Allows Router Takeover
Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials.
Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were researching device fingerprinting, Microsoft 365 Defender research team's Jonathan Bar Or said in a blog post, posted Wednesday.
Gif" to demonstrate how researchers achieved "a complete and fully reliable authentication bypass.
Researchers decided to dive even deeper to see how the authentication was implemented, finding that router credentials also could be gained using a side-channel attack, they said.
The vulnerabilities aren't the first time Netgear routers have had authentication flaws, allowing attackers to use them as an entry point into the wider network.
About a year ago researchers discovered an unpatched zero-day vulnerability in firmware that put 79 Netgear device models at risk for full takeover.
News URL
https://threatpost.com/netgear-authentication-bypass-router-takeover/167469/