It’s time to update your firmware. An exploit that affects a number of Netgear routers can easily give hackers access to your wireless admin password which could lead to router lock-out or, worse, illicit use of your Internet.
A researcher for Trustwave, Simon Kenin, first uncovered the problem a year ago when he lost his administration password. He tried to hack his own router, eventually uncovering a secret feature designed to allow password recovery.
￼I woke up the next morning excited by the discovery, I thought to myself: “3 routers with same issue… Coincidence? I think not”. Luckily, I had another, older NETGEAR router laying around; I tested it and bam! Exploited.
I started asking people I knew if they have NETGEAR equipment so I could test further to see the scope of the issue. In order to make life easier for non-technical people I wrote a python script called netgore, similar to wnroast, to test for this issue.
I am not a great programmer. I am aware of that and that is why I don’t work as a full time programmer. As it turned out, I had an error in my code where it didn’t correctly take the number from unauth.cgi and passed gibberish to passwordrecovered.cgi instead, but somehow it still managed to get the credentials!
“Wait… what is going on here?” I thought to myself. After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is totally new bug that I haven’t seen anywhere else. When I tested both bugs on different NETGEAR models, I found that my second bug works on a much wider range of models.
The exploit affects the following models:
If you have any of these check your admin panel for a firmware update to ensure nefarious sniffers don’t break into your router and wreak havoc.