Security News > 2021 > September > Netgear SOHO Security Bug Allows RCE, Corporate Attacks
A high-severity security bug affecting several Netgear small office/home office routers could allow remote code execution via a man-in-the-middle attack.
From there, attackers can serve up a malicious database update that triggers RCE, which can be created by downloading and modifying a legitimate Netgear database update, researchers said.
They added, "With root access on a router, an attacker can read and modify all traffic that is passed through the router. For example, if an employee connects to a corporate network via a compromised router, the router could MitM the connection and read any unencrypted data sent between the user's device and devices on the corporate network."
Using an exploit for a separate vulnerability, such as the recent PrintNightmare bug, the attacker can compromise attached PCs, move laterally into corporate networks, exfiltrate corporate data or launch further attacks like ransomware.
"While companies have taken steps to facilitate remote work, employees are usually responsible for managing their own internet connections. In most cases, this takes the form of purchasing or renting a SOHO router or modem. These devices typically aren't on the radar of corporate security teams, unlike their enterprise-grade brethren."
To mitigate the risks to corporate environments posed by vulnerable SOHO routers, users should update their router firmware to the latest versions, which contain patches for CVE-2021-40847.
News URL
https://threatpost.com/netgear-soho-security-bug-rce/174921/
Related news
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-21 | CVE-2021-40847 | Cleartext Transmission of Sensitive Information vulnerability in Netgear products The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. | 8.1 |