Categories: NewsSecurity

Up to one Million Netgear Routers Vulnerable to Remote Password Hijacking

Internet-connected devices have always been a prime target for hackers and other online criminals. Netgear, one of the primary router manufacturers in the world,  is facing the wrath of many hackers as we speak. Security researchers discovered hundreds of thousands of the company’s devices are suffering from multiple vulnerabilities which can compromise passwords. Unfortunately, this threat can be exploited both through physical access, as well as remotely.

Netgear Routers Are Vulnerable Right Now

Security researchers issued a major warning pertaining to Netgear routers and other internet-connected devices. As it turns out, nearly one million Netgear devices are vulnerable to password hijacking. Criminals can exploit these vulnerabilities remotely, assuming the device’s remote management feature is turned on. Even if that is not the case, these vulnerabilities can be exploited through physical access to the device.

Thankfully, remote management is turned off by default on virtually every Netgear router these days. Then again, enabling this feature is not all that difficult. More tech-savvy users will have experimented with this feature at some point, and perhaps even forgot to turn it off. Moreover, the researcher discovering these vulnerabilities found out retrieving the router admin password is rather easy, which is anything but a positive development.

By sending a simple request to the Netgear router’s web management server, retrieving the password becomes a breeze. Every Netgear router uses a password recovery token, which is based on a number. As soon as the hacker finds out which number is being used, they can then pair it with a call to the passwordrecovered.cgi script. A very troublesome development, even though that is not the most worrying part just yet.



Related Post

To make matters worse, the researcher discovering this vulnerability was able to use two exploits in the router that Netgear knew about since 2014. Although the company patched these flaws quickly after they were disclosed, it appears some loopholes still exist. Unfortunately, the issues don’t end there, as retrieving the Netgear router’s password is still possible without sending the correct password recovery token.

Every first call made to the passwordrecovered.cgi file will result in displaying the router’s credentials. This is a very disturbing exploit, to say the least, especially when considering such a dangerous vulnerability has never been recorded before. Sadly, this latest exploit seems to work on a large variety of Netgear routers, which does not bode well for the manufacturer. However, the company acknowledges the issues and instructed users to ensure they have the latest firmware installed on their device.

Things are not looking that great for Netgear, as the company has suffered from two critical vulnerabilities in two months now. In December of 2016, the company’s Nighthawk line was vulnerable to a flaw giving attackers root access. Thankfully, that issue was resolved quickly through a firmware update. It is evident internet-connected devices remain a prime target for criminals, and the number of issues will only grow as more time progresses.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

9 hours ago

Dogecoin Millionaire Predicts This Undervalued Altcoin Could Match DOGE’s 2021 Gains

Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…

9 hours ago

Qubetics Presale Skyrockets to $7.5M as XRP and Arbitrum Lead Best Altcoins for Exponential Returns

The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…

10 hours ago

Over 300K Users Actively Mine Crypto On BlockDAG’s X1 Miner App While BNB Bulls Eye $3K; What’s XRP’s Price Target?

The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…

10 hours ago

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

14 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

15 hours ago