Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.
Because of its ubiquitous nature, UPnP (Universal Plug and Play) is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and Internet of Things devices.
Specifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRIBE requests, which devices use to sign up for, and cancel, event notifications from other devices when certain configuration changes, such as media sharing, happen.
According to GRIMM security researcher Adam Nichols, there exists a memory stack overflow bug in the code that handles the UNSUBSCRIBE requests, which enables an adversary to send a specially crafted HTTP request and run malicious code on the affected device, including resetting the administrator password and delivering arbitrary payloads.
"Since the UPnP daemon runs as root, the highest privileged user in Linux environments, the code executed on behalf of the attacker will be run as root as well," Nichols said.
"With root access on a device, an attacker can read and modify all traffic that is passed through the device."
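To illustrate the defensive pattern for the bug class described above, here is an added example (not Netgear's firmware code and not taken from GRIMM's write-up) of an UNSUBSCRIBE handler that checks a header's length before copying it into a fixed stack buffer and rejects anything oversized. The article does not say which field overflows; the `SID` header from UPnP eventing is an assumption, and `SID_MAX`, `get_header` and `parse_unsubscribe` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SID_MAX 64 /* assumed cap; "uuid:" plus a 36-char UUID needs 42 bytes */
/* Case-insensitive match of header `name` (length n) followed by ':'. */
static int name_eq(const char *line, const char *name, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return line[n] == ':';
}

/* Copy header `name` into out: 0 ok, -1 absent, -2 too long (reject, never truncate). */
int get_header(const char *req, const char *name, char *out, size_t out_len)
{
    size_t nlen = strlen(name);
    for (const char *eol = strstr(req, "\r\n"); eol; eol = strstr(eol + 2, "\r\n")) {
        const char *line = eol + 2;
        if (*line == '\r' || *line == '\0') break;      /* end of headers */
        if (!name_eq(line, name, nlen)) continue;
        const char *v = line + nlen + 1;
        while (*v == ' ' || *v == '\t') v++;
        size_t vlen = strcspn(v, "\r\n");
        if (vlen >= out_len) return -2;                 /* length check before the copy */
        memcpy(out, v, vlen);
        out[vlen] = '\0';
        return 0;
    }
    return -1;
}

/* 0 and a filled sid for a well-formed UNSUBSCRIBE; negative otherwise. */
int parse_unsubscribe(const char *req, char *sid, size_t sid_len)
{
    if (strncmp(req, "UNSUBSCRIBE ", 12) != 0) return -3;
    int rc = get_header(req, "SID", sid, sid_len);
    if (rc != 0) return rc;
    return strncmp(sid, "uuid:", 5) == 0 ? 0 : -4;
}

int main(void)
{
    char sid[SID_MAX];
    const char *req = "UNSUBSCRIBE /evt HTTP/1.1\r\nSID: uuid:constructed-sample\r\n\r\n"; /* constructed */
    int rc = parse_unsubscribe(req, sid, sizeof sid);
    printf("rc=%d sid=%s\n", rc, rc == 0 ? sid : "(rejected)");
    return 0;
}
```

Bounds checking of this kind limits the overflow itself; it does not change the fact that the daemon accepts these requests without authentication and runs as root.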
News URL
https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html