Netgear Authentication Bypass Allows Router Takeover
2021-07-01 11:30

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials.

Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while researching device fingerprinting, Jonathan Bar Or of the Microsoft 365 Defender research team said in a blog post published Wednesday.

Gif" to demonstrate how researchers achieved "a complete and fully reliable authentication bypass.

Researchers decided to dive even deeper to see how the authentication was implemented, finding that router credentials also could be gained using a side-channel attack, they said.

This is not the first time Netgear routers have had authentication flaws that allow attackers to use them as an entry point into the wider network.

About a year ago researchers discovered an unpatched zero-day vulnerability in firmware that put 79 Netgear device models at risk for full takeover.


News URL

https://threatpost.com/netgear-authentication-bypass-router-takeover/167469/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Netgear 760 223 622 159 92 1096