New vulnerabilities in Netgear routers could potentially allow hackers to hijack devices and expose passwords. The vulnerabilities could also allow malicious entities to recruit compromised devices into a botnet and use them to launch large-scale cyberattacks.
Trustwave security researcher Simon Kenin uncovered that the vulnerabilities can be exploited remotely if the routers' management options are enabled. Netgear acknowledged the vulnerabilities and issued firmware fixes for models affected by the issue.
"We have found more than ten thousand vulnerable devices that are remotely accessible. The real number of affected devices is probably in the hundreds of thousands, if not over a million," Kenin said in a Trustwave blog.
Art Swift, President at the Prpl Foundation, told IBTimes UK: "Once these devices have been compromised, especially routers, IoT hubs, and network gateways - due to the fact that they are very often on a local network - they represent a gateway to the network, and can be used to perform a series of attacks on the network bypassing network protection. This can cause a Trojan horse situation for the attackers to get a foothold into the local network."
Kenin claimed that Trustwave disclosed the vulnerabilities to Netgear in April 2016, listing 18 vulnerable models. By the time Netgear responded to Trustwave's disclosures the firm had identified a total of 25 models vulnerable. In July, Netgear issued firmware updates to a portion of the affected models. However, Netgear's most recent advisory reveals that there are now a total of 31 router models vulnerable to the security issues, 18 of which have already been patched.
The firm is encouraging its customers to manually enable password recovery and disable remote management, especially on those devices in which a firmware update is not available.
The company wrote: "The potential for password exposure remains if you do not complete both steps. Netgear is not responsible for any consequences that could have been avoided by following the recommendations in this notification."
Security firm Lastline's VP Brian Laing told IBTimes UK: "Many products, such as these Netgear routers, are sold with vulnerabilities. Some should have been found in development, and some are based on design where the developers assumed incorrectly only the best intentions. New vulnerabilities are found all the time so consumers need to take as many preventative measures as possible, such as disabling remote management. That will mitigate the impact of someone trying to attack an unknown vulnerability."
Following the publication of this article, Netgear provided this emailed statement to IBTimes UK: "NETGEAR is aware of the vulnerability (CVE-2017-5521), that has been recently publicised by TrustWave. This is not a new or recent development. We have been working with the security analysts to evaluate the vulnerability.
"Firmware fixes are currently available for the majority of the affected devices. Please note that this vulnerability occurs when an attacker can gain access to the internal network or when remote management is enabled on the router. Remote management is turned off by default; but can be turned on through the advanced settings."
The statement continues, "NETGEAR does appreciate and value having security concerns brought to our attention. We constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
"It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity."