Netgear SOHO Security Bug Allows RCE, Corporate Attacks
A high-severity security bug affecting several Netgear small office/home office routers could allow remote code execution via a man-in-the-middle attack.
From there, attackers can serve up a malicious database update that triggers RCE. Such an update can be created by downloading and modifying a legitimate Netgear database update, researchers said.
They added, "With root access on a router, an attacker can read and modify all traffic that is passed through the router. For example, if an employee connects to a corporate network via a compromised router, the router could MitM the connection and read any unencrypted data sent between the user's device and devices on the corporate network."
Using an exploit for a separate vulnerability, such as the recent PrintNightmare bug, the attacker can compromise attached PCs, move laterally into corporate networks, exfiltrate corporate data or launch further attacks like ransomware.
"While companies have taken steps to facilitate remote work, employees are usually responsible for managing their own internet connections. In most cases, this takes the form of purchasing or renting a SOHO router or modem. These devices typically aren't on the radar of corporate security teams, unlike their enterprise-grade brethren."
To mitigate the risks to corporate environments posed by vulnerable SOHO routers, users should update their router firmware to the latest versions, which contain patches for CVE-2021-40847.
News URL
https://threatpost.com/netgear-soho-security-bug-rce/174921/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-21 | CVE-2021-40847 | Cleartext Transmission of Sensitive Information vulnerability in Netgear products. The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. | 8.1 |