Network security

Netgear router firmware vulnerabilities created a network security risk

John Leyden July 02, 2021 at 16:30 UTC

Updated: Jul 05, 2021 08:18 UTC

Authentication Bypass Flaw Mitigated Thanks to Microsoft Researchers

Firmware vulnerabilities in a commercial-grade Netgear router opened the door to a range of exploits, including spoofing and full system compromise.

The recently fixed flaws in the Netgear DGN-2200v1 routers were discovered by Microsoft security researchers during product development for certain endpoint protection software.

The three critical security issues identified (with CVSS scores ranging from: 7.1 to 9.4) have each been addressed by Netgear. The problem is limited to a specific Netgear router model, especially the one best suited for small businesses.

Netgear DGN2200v1 routers firmware versions running earlier than v1.0.0.60 are vulnerable and should be upgraded to the latest version as explained in a security consulting from the manufacturer of the network kit.

Learn about the latest security research news

Microsoft offers more details about these flaws in a security blog post.

The three flaws respectively present access to router management pages using an authentication bypass risk, the ability to derive stored router credentials via a cryptographic side channel, and a flaw to retrieve secrets stored in the network. device through the use of the default cryptographic key. .

The daily sip asked Microsoft to comment on its research, but the software giant declined our offer to comment.

RECOMMENDED Latest Web Hacking Tools – Q3 2021

Source link