A serious vulnerability has been discovered in many popular NETGEAR routers. By exploiting this vulnerability, hackers can expose a router’s password and then use it to take control of the device. The January 2017 announcement about this flaw came just a month after the news about a different but equally dangerous vulnerability in several NETGEAR routers.
More than 30 routers are susceptible to this latest vulnerability, which exposes the passwords used to log in to routers from NETGEAR’s web portal. The flaw can be exploited only when the password recovery feature is disabled. This feature lets users recover a forgotten password by answering two security questions. When it is enabled, hackers cannot get a router’s password because they will not be able to correctly answer the two questions.
Cybercriminals can attack a vulnerable NETGEAR router through the local network. They can also attack the router remotely if the device’s remote management feature is enabled. Once the hackers gain control of a router, they can change its configuration, make it part of a botnet, or use it for other malicious activity.
NETGEAR’s Web GUI Password Recovery and Exposure Security Vulnerability web page lists the routers that contain the flaw. Firmware updates that patch this vulnerability are available for many of the routers. However, updates are not being released for older routers. NETGEAR has provided a workaround that will prevent hackers from exploiting the flaw in these older devices.
Although most of the affected devices are classified as home routers, it is not uncommon for small businesses to use consumer-grade routers. If you think your business might be using one of them, contact us. We can check to see whether your router is affected by this vulnerability and apply the appropriate update if necessary.