Security News

Netgear has patched serious security vulnerabilities in its DGN2200v1 network router, following the discovery of "Very odd behaviour" by a Microsoft security research team - a somewhat understated way of saying that attackers can gain "Complete control over the router." As a result, it's possible for remote attackers to take over the router at any time - as discovered by members of the Microsoft 365 Defender Research Team.

Netgear has patched serious security vulnerabilities in its DGN2200v1 network router, following the discovery of "Very odd behaviour" by a Microsoft security research team - a somewhat understated way of saying that attackers can gain "Complete control over the router." As a result, it's possible for remote attackers to take over the router at any time - as discovered by members of the Microsoft 365 Defender Research Team.

Security researchers at Microsoft are flagging multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise. The three vulnerabilities, rated critical by NETGEAR, affect the firmware on NETGEAR DGN-2200v1 series routers.

Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were researching device fingerprinting, Microsoft 365 Defender research team's Jonathan Bar Or said in a blog post, posted Wednesday.

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network's security and gain unfettered access. The three HTTPd authentication security weaknesses impact routers running firmware versions prior to v1.0.0.60, and have since been fixed by the company in December 2020 as part of a coordinated vulnerability disclosure process.

Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. They allow unauthenticated attackers to access unpatched routers' management pages via authentication bypass, gain access to secrets stored on the device, and derive saved router credentials using a cryptographic side-channel attack.

Cisco announced a new portfolio of Catalyst industrial routers to extend the power of the enterprise network to the edge with the flexibility, security and scalability needed for IoT success. Three new Catalyst 5G Industrial Routers to securely connect mobile and fixed assets: These new routers are based on Cisco IOS XE to extend the enterprise network and SD-WAN to the edge.

A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers. According to AT&T Alien Labs, the scanning for vulnerable Tenda routers piqued researcher interest given that such activity is typically rare.

Sierra Wireless launched the next evolution in routers with its new XR Series of multi-network 5G routers. The XR Series delivers the full performance of 5G across any network whether used for mobile applications or primary, temporary, or backup fixed wireless connectivity.

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated, remote attacker to execute arbitrary code on an affected appliance.