Security CVE-2017-5521 & TWSL2017-003 Bypassing Authentication on NetGear Routers !

eva2000 · Feb 1, 2017

Ouch potentially dangerous news that 31 NetGear router models have a security flaw that can allow hackers to bypass authentication CVE-2017-5521: Bypassing Authentication on NETGEAR Routers !

Home routers are the first and sometimes last line of defense for a network. Despite this fact, many manufacturers of home routers fail to properly audit their devices for security issues before releasing them to the market. As security researchers, we are often disappointed to rediscover that this is not always the case, and that sometimes these vulnerabilities simply fall into our hands during our day-to-day lives.

Such is the story of the two NETGEAR vulnerabilities I want to share with you today:

It was a cold and rainy winter night, almost a year ago, when my lovely NETGEAR VEGN2610 modem/router lost connection to the Internet. I was tucked in bed, cozy and warm, there was no way I was going downstairs to reset the modem, "I will just reboot it through the web panel" I thought to myself. Unfortunately I couldn't remember the password and it was too late at night to check whether my roommates had it.

I considered my options:

Get out of bed, go downstairs and freeze as I reboot the router.

Be lazy, stay in bed, and since I am a security researcher, try to hack it

Needless to say, I chose the latter. "So… where do I start?" I thought to myself, "Well, it has a web interface and I need to bypass the authentication somehow, so the web server is a good start."
Click to expand...

A full description of both of these findings as well as the python script used for testing can be found here. The vulnerabilities have been assigned CVE-2017-5521 and TWSL2017-003.
Click to expand...

Solutions

We recommend that all users of NETGEAR equipment check the Knowledge Base Article for instructions to test if you are vulnerable and how to apply patched firmware if you are.
Click to expand...

Firmware fixes are currently available for the following affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for your model and visit the firmware release page for instructions:

R8500

R8300

R7000

R6400

R7300DST

R7100LG

R6300v2

WNDR3400v3

WNR3500Lv2

R6250

R6700

R6900

R8000

R7900

WNDR4500v2

R6200v2

WNDR3400v2

D6220

D6400

NETGEAR has also released firmware that fixes the web password recovery vulnerability for the following cable modem router:

C6300

For cable products like the C6300, new firmware is released by your Internet service provider after NETGEAR releases it to them. The firmware fix for the C6300, firmware version 2.01.18, has been released to all service providers. Until your service provider releases the firmware fix to you, NETGEAR strongly recommends that you use the workaround procedure explained in this article. To see your C6300’s current firmware version, visit the following knowledge base article and follow the instructions: How do I view the firmware version of my cable modem or modem router?.
Click to expand...

If your affected product does not have a firmware fix available, NETGEAR strongly recommends that you follow this workaround procedure to remediate the vulnerability:

Manually enable the password recovery feature on your device.
For more information, visit Configuring router administrative password recovery.

Ensure that remote management is disabled.
Remote management is disabled by default. For more information, check the user manual for your product, which is available from Support | NETGEAR.

The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
Click to expand...

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Security CVE-2017-5521 & TWSL2017-003 Bypassing Authentication on NetGear Routers !

eva2000 Administrator Staff Member

Solutions

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Security CVE-2017-5521 & TWSL2017-003 Bypassing Authentication on NetGear Routers !

eva2000 Administrator Staff Member

Solutions

.