Up to one Million Netgear Routers Vulnerable to Remote Password Hijacking

Internet-connected devices have always been a prime target for hackers and other online criminals. Netgear, one of the primary router manufacturers in the world,  is facing the wrath of many hackers as we speak. Security researchers discovered hundreds of thousands of the company’s devices are suffering from multiple vulnerabilities which can compromise passwords. Unfortunately, this threat can be exploited both through physical access, as well as remotely.

Netgear Routers Are Vulnerable Right Now

Security researchers issued a major warning pertaining to Netgear routers and other internet-connected devices. As it turns out, nearly one million Netgear devices are vulnerable to password hijacking. Criminals can exploit these vulnerabilities remotely, assuming the device’s remote management feature is turned on. Even if that is not the case, these vulnerabilities can be exploited through physical access to the device.

Thankfully, remote management is turned off by default on virtually every Netgear router these days. Then again, enabling this feature is not all that difficult. More tech-savvy users will have experimented with this feature at some point, and perhaps even forgot to turn it off. Moreover, the researcher discovering these vulnerabilities found out retrieving the router admin password is rather easy, which is anything but a positive development.

By sending a simple request to the Netgear router’s web management server, retrieving the password becomes a breeze. Every Netgear router uses a password recovery token, which is based on a number. As soon as the hacker finds out which number is being used, they can then pair it with a call to the passwordrecovered.cgi script. A very troublesome development, even though that is not the most worrying part just yet.




To make matters worse, the researcher discovering this vulnerability was able to use two exploits in the router that Netgear knew about since 2014. Although the company patched these flaws quickly after they were disclosed, it appears some loopholes still exist. Unfortunately, the issues don’t end there, as retrieving the Netgear router’s password is still possible without sending the correct password recovery token.

Every first call made to the passwordrecovered.cgi file will result in displaying the router’s credentials. This is a very disturbing exploit, to say the least, especially when considering such a dangerous vulnerability has never been recorded before. Sadly, this latest exploit seems to work on a large variety of Netgear routers, which does not bode well for the manufacturer. However, the company acknowledges the issues and instructed users to ensure they have the latest firmware installed on their device.

Things are not looking that great for Netgear, as the company has suffered from two critical vulnerabilities in two months now. In December of 2016, the company’s Nighthawk line was vulnerable to a flaw giving attackers root access. Thankfully, that issue was resolved quickly through a firmware update. It is evident internet-connected devices remain a prime target for criminals, and the number of issues will only grow as more time progresses.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.