Broadband customers that own a Netgear router should be aware that their devices have been compromised by a new vulnerability that could enable hackers to take control.
A researcher who uses the online handle Acew0rm, reported PC World, published an exploit for the vulnerability on Friday. He warned Netgear about the issue in August, but the routing vendor never responded.
According to the researcher, the flaw is related to what he says is improper input sanitization in a form in the router’s web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device.
Netgear confirmed the vulnerability and said that its R7000, R6400 and R8000 routers might be vulnerable. But according to another researcher who performed a test, a number of other routers have been affected, including the R7000, R7000P, R7500, R7800, R8500 and R9000.
Craig Young, principal security researcher for Tripwire's Vulnerability and Exposures Research Team, told FierceTelecom that it has also raised security concerns to Netgear about vulnerabilities.
“There’s a lot of routers from Netgear that have publicly documented exploits that are affected the latest firmware versions,” Young said. “I have raised this with Netgear and they just don’t seem to feel the need to release updates to the customers.”
A growing problem
This latest vulnerability appears to be a critical issue for Netgear routers.
Carnegie Mellon University’s U.S. CERT Coordination Center rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System.
Distributed-denial-of-service (DDoS) attacks on broadband routers have come to the forefront recently, illustrating the emerging of attacks on IoT devices.
In November, Deutsche Telekom in Germany reported that 1 in 20 users of its internet service experienced outages.
At the time, Dirk Backofen, a senior Deutsche Telekom security executive, told Reuters that 900,000, or roughly 4.5%, of DT's landline customers were targeted as well as a number of German government routers.
“These customers were using a particular router that had a command injection vulnerability that would allow Mirai to take it over and install the malware,” Young said. “It turned out that at least with some of these models it is not at all impacted by this vulnerability, but what happened was the scanning traffic from the affected routers was overwhelming these other routers not affected by the vulnerability.”
Earlier, Dyn, a managed DNS provider to a number of major internet websites, confirmed that the culprit behind the widespread DDoS cyberattack that caused an internet outage on the East Coast Friday was due to the Mirai botnet.
Cyber underwriting lab needed
One way the router and overall security industry could help overcome security threats would be to create an Underwriters Labs-type organization dedicated to understanding cyberthreats.
This group would operate similarly to the way Underwriters Labs develops practices to protect consumers from issues with electrical appliances.
“We have Underwriter Laboratories to ensure that appliances won’t burn up and start fires, but a newer thing we need to have is this type of organization applied to cyberthreats,” Young said. “This is something that one of the hackers from the Loft Group is working with the government towards this end.”
Young added that such an organization could provide consumers a way to make more informed routing device purchases.
“This could be very positive if it gets to the point where consumers are actually educated towards some devices that are not as secure as others and vendors will have to respond by making the devices more secure to get the sales,” Young said.