Netgear SOHO Security Bug Allows RCE, Corporate Attacks
2021-09-22 19:41

A high-severity security bug affecting several Netgear small office/home office (SOHO) routers could allow remote code execution (RCE) via a man-in-the-middle (MitM) attack.

Once positioned as a MitM on the router's update traffic, attackers can serve a malicious database update that triggers RCE; such an update can be created by downloading and modifying a legitimate Netgear database update, researchers said.

They added, "With root access on a router, an attacker can read and modify all traffic that is passed through the router. For example, if an employee connects to a corporate network via a compromised router, the router could MitM the connection and read any unencrypted data sent between the user's device and devices on the corporate network."

Using an exploit for a separate vulnerability, such as the recent PrintNightmare bug, the attacker can compromise attached PCs, move laterally into corporate networks, exfiltrate corporate data or launch further attacks like ransomware.

"While companies have taken steps to facilitate remote work, employees are usually responsible for managing their own internet connections. In most cases, this takes the form of purchasing or renting a SOHO router or modem. These devices typically aren't on the radar of corporate security teams, unlike their enterprise-grade brethren."

To mitigate the risks to corporate environments posed by vulnerable SOHO routers, users should update their router firmware to the latest versions, which contain patches for CVE-2021-40847.

News URL

https://threatpost.com/netgear-soho-security-bug-rce/174921/

Related Vulnerability

DATE: 2021-09-21
CVE: CVE-2021-40847
VULNERABILITY TITLE: Cleartext Transmission of Sensitive Information vulnerability in Netgear products
RISK: critical (score 9.3)
DESCRIPTION: The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack.
TAGS: network, netgear, CWE-319

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Netgear 759 223 620 157 92 1092