Security News > 2021 > November > Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.
Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things devices.
Specifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRIBE requests - which are event notification alerts that devices use to receive notifications from other devices when certain configuration changes, such as media sharing, happen.
According to GRIMM security researcher Adam Nichols, there exists a memory stack overflow bug in the code that handles the UNSUBSCRIBE requests, which enables an adversary to send a specially crafted HTTP request and run malicious code on the affected device, including resetting the administrator password and delivering arbitrary payloads.
"Since the UPnP daemon runs as root, the highest privileged user in Linux environments, the code executed on behalf of the attacker will be run as root as well," Nichols said.
"With root access on a device, an attacker can read and modify all traffic that is passed through the device."
News URL
https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html
Related news
- Apache issues patches for critical Struts 2 RCE bug (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)