
Flaw In Netgear Wi-Fi Routers Exposes Admin Password, WLAN Details

An anonymous reader writes: A number of Netgear home wireless routers sport a vulnerability that can be misused by unauthenticated attackers [here's the report at seclists.org] to obtain the administrator password, device serial number, WLAN details, and various details regarding clients connected to the device, claims systems/network engineer Peter Adkins. The vulnerability is found in the embedded SOAP service, which is a service that interacts with the Netgear Genie application that allows users to control (change WLAN credentials, SSIDs, parental control settings, etc.) their routers via their smartphones or computers.
This discussion has been archived. No new comments can be posted.

  • Why would any novice (Score:5, Informative)

    by invictusvoyd ( 3546069 ) on Tuesday February 17, 2015 @11:26AM (#49073709)
    want to "remote manage" their home router? It's inherently dangerous. Someday we'll have a hardened DD-WRT for all major routers, easy enough to be used by anyone. Most of the firmware shipped by manufacturers is closed and is generally of low quality.
    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday February 17, 2015 @11:37AM (#49073763) Homepage Journal

      Isn't it easy enough to use dd-wrt or openwrt? I find the hard part to be installing it, if like me you try to install on random yard sale routers. I have a high success rate, but it has wasted a lot of time.

      • by courtarro ( 786894 ) on Tuesday February 17, 2015 @02:28PM (#49073943) Homepage

        I love DD-WRT and have used it for years, but I get the impression it's a fragile project. The bulk of the work seems to rest on the shoulders of one or two people who only have so much time. I have always preferred Netgear's hardware with DD-WRT on top of it, but Netgear's latest product line (which has a TON of different router models ... way too many, IMO) has only partial support from the DD-WRT project. Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

        I really wish Netgear would just give up on Genie and pay DD-WRT to support development and license it as their official firmware. Rebrand it or something if you want, but give us the power of a real firmware. I've used Genie lately on the R6100 and found it quite frustrating for anything fancier than a typical home wifi router use case. Security bugs like this only prove that they're failing to get it right on their own.

        It makes sense that Cisco doesn't want their Linksys-branded routers to be too powerful, since it might hurt sales of fancier Cisco stuff, but what's Netgear's excuse?

        • by adolf ( 21054 ) <flodadolf@gmail.com> on Tuesday February 17, 2015 @02:51PM (#49074231) Journal

          DD-WRT seems so splintered: A million different builds, of a million different versions, for a million different things.

          For comparison, Tomato is more monolithic. When a new version is prepared for release, all of the different builds are updated to that version. The builds themselves are genericized as much as possible: All old Broadcom-based MIPS routers (think WRT54G) get the MIPSR1 release, for instance.

          For everything else, there's OpenWRT.

          For my own purposes, I'm sticking with Asus routers. It seems like solid kit, and they sell the same hardware for years and years without the sneakiness that Linksys and Netgear do with routinely completely changing the underlying hardware while keeping the same model number.

          (Oh, and Belkin has owned Linksys for almost 2 years now.)

          • (Oh, and Belkin has owned Linksys for almost 2 years now.)

            That explains Everything. Well...almost. Linksys had been at Belkin's quality level for a few years before that.

            • Hasn't that always been the case?

              They struck gold with the WRT54G and WRT54GS (I still have a modded GS as a spare). But everything before or since has been garbage.

              Their nics are garbage, their switches always suck, and their early routers largely didn't route.

              Just sayin'.

              • OK - to be fair, while the WRT54G line was in production, I only used those. Never used anything else until they were done. Once the antenna was built-in rather than user-replaceable was the beginning of the end.

                I did own a BEFSR41 before that and that was garbage, but I don't think I had even heard of DD-WRT then.

                I've moved on to Asus (and Tomato) for now.

              • They struck gold with the WRT54G and WRT54GS (I still have a modded GS as a spare).

                You added cooling, right? Forgive me if we discussed this recently and I forgot, ISTR a conversation like that. But I've even done that, albeit half-assedly, and it didn't help. I did make places for the air to come from and go, but I don't know how much air actually flowed across the sinks or if there were other components overheating. I didn't have an IR thermometer then.

                I've had probably a dozen WRT54Gs, some of them GSes, and I think they pretty much suck too. They overheat reliably, that or their wall

                • by adolf ( 21054 )

                  Hmm. You know, I've never had an old, proper WRT54G/S (or the current GL model) die from heat death. I've got dozens of them scattered around. Radios get weak or strange after a while (electron migration or somesuch), and maaaaybe I remember some swollen filter caps on one (which got repaired), but I don't consider any of that heat-death (and it's not like bad caps weren't ridiculously common for a time from almost every manufacturer of almost anything).

                  I've had the power supplies dive on me, which is pro

          • For comparison, Tomato is more monolithic.

            It does? There's many different flavors of tomato. That's one of the things that put me off to begin with.

            OpenWRT is like you describe, though. I've just put it on a routerboard rb411 and on a cute little PC (WebDT DT168) and in both cases the documentation is a bit fragmentary so that's annoying, but once installed the experience is much alike and all the wiki pages are under one roof.

        • by tlhIngan ( 30335 ) <slashdot.worf@net> on Tuesday February 17, 2015 @04:42PM (#49075387)

          Netgear's fanciest two routers, the R7500 and R8000, aren't yet supported. All we can do is sit and beg Brainslayer or Kong to spend time on them, but they've got a lot of irons in the fire.

          Well, the R7000 and R8000 are "open routers" per Netgear. The R7500... not so much.

          In fact, the R8000 has a DD-WRT port [myopenrouter.com]. As does the R7000 [myopenrouter.com].

          And while it takes a bit of hunting, Netgear's source code firmware for those are available as well. (Well, most of it, given the amount of proprietary drivers that are binary only).

          MyOpenRouter is usually where I go first when deciding if there's a particular Netgear router I want. (Netgear runs the site as a central place for all their "open" routers and alternative firmware. At least the routers they officially support as being "open").

        • My favorite wireless router is the Asus RT-N12. It's got two external antenna ports (SMA-type) and readily runs Tomato. Remote access via https and ssh, not to mention everything else that can be fine-tuned (like RF power output) I wouldn't have it any other way.

      • The second you say "firmware" or even worse "tftp" you've lost +99.9% of people out there.

        • The second you say "firmware" or even worse "tftp" you've lost +99.9% of people out there.

          Right, the install is the hard part. I mean, I just got a DIR-330 at a yard sale. It looks like it's going to be useful to me, but I've got to wire a CA-42 cable up to it. Just getting that part right is tricky enough since there's no standardization to those except at the business end. But if it came with openwrt, or dd-wrt, or tomato, I don't see that being a dealbreaker. Any of those are simple enough to configure, assuming the user is going to change the configuration anyway. I've found luci on openwrt

    • This is exactly what a novice might want to do, because they don't fully understand it.
    • One reason might be to manage which ports are forwarded, when not on-site.

      Say the noobie is running a game host, or some other daemonized process, but hasn't figured out that he needs to keep those devices on static IPs inside his private network for ease of management. As a consequence, his game server might suddenly stop responding to remote requests, because the NAT table is pointing to an IP that the device no longer owns.

      Granted, this is a stretch. The noobie should have a remote management host insid

    • by afidel ( 530433 )

      The fact is since this is a web vulnerability it will be exploited by XSS attacks from compromised ad networks and also will be included in many exploit kits, you won't have to have remote management enabled for this to be exploited, it will just make it slightly more difficult if you don't.

      As to DD-WRT, if they supported the OpenDNS family settings with bypass accounts like the stock firmware I'd consider it, but for me it's a killer feature, and MAC based exceptions aren't an answer because we have shared

    • by Pontiac ( 135778 )

      All the models listed except the WNR2500 are supported by DD-WRT.

      Upgrade people! [dd-wrt.com]

    • I noticed my ISP recently upgraded my router's firmware even though I have kept the remote management feature off...
  • Once again, "cloud connected" devices are not properly secured.

    Shocker.

    • The Internet of rushed to market, horribly secured, never updated, easily pwn3d things.

      • by adolf ( 21054 )

        The Internet of rushed to market, horribly secured, never updated, easily pwn3d things.

        Is that a new problem? [cert.org]

        (To answer my own question: No, it's not. [wikipedia.org])

        • Of course it's not new ... but every day we see further examples how consumer electronics are pushed out with gaping security holes.

          Until corporations bear some penalty for doing security incompetently, this will continue.

          But what has to happen is actually holding corporations accountable for stuff like that ... instead of a click-through license which say "we make no promises our product doesn't suck or that we're not lying to you".

          Oddly, people seem opposed to corporations being accountable for their acti

    • by afidel ( 530433 )

      Uh, none of the listed models are cloud connected (that's reserved for the WNDR3800).

  • Default password (Score:5, Insightful)

    by jfdavis668 ( 1414919 ) on Tuesday February 17, 2015 @11:38AM (#49073775)
    I am always amazed at the number of times I have logged into wifi access points with the default admin password. I have actually logged in and fixed businesses' configuration errors. If we can't even get people to change the password, all the rest of the security is useless.
  • by XxtraLarGe ( 551297 ) on Tuesday February 17, 2015 @02:25PM (#49073905) Journal
    Did you guys get hacked or what? It seems like this site has been down as much as it has been up lately...
    • Did you guys get hacked or what? It seems like this site has been down as much as it has been up lately...

      They went to get something to replace the NETGEAR. They'll be back from Walmart shortly.

  • by anwyn ( 266338 ) on Tuesday February 17, 2015 @02:39PM (#49074083)
    Once and for all: all proprietary router software must be assumed to be compromised. The NSA has been totally committed to ruthless information warfare against the population of the planet. There is no way a corporation can resist them. They consider themselves totally above the law.

    Do not buy a router unless OPENWRT supports it.

    Always overwrite whatever firmware came with the router with a new install of free software.

    The days when Joe Sixpack can just buy a router and plug it in are over! You must do this.

    Security experts need to take a close look at uboot software commonly used to install alternate firmware. And check if NSA has hacked that up as well.

    • by wierd_w ( 1375923 ) on Tuesday February 17, 2015 @02:50PM (#49074229)

      Most consumer device deployments of uboot have a short (3 second) window in which they look for a tftp server broadcasting an update. This is very useful for developers of openwrt and pals, because it allows them to push a test image to the device's memory and boot on it.

      However, it could also be used as an attack vector against home grade routers, if the NSA had a REALLY invested interest in you. Orchestrating a system reboot of your open firmware back to uboot (say, by causing a severe memory corruption event or something similar which panics the kernel-- maybe a hidden function in the LAN asic perhaps) followed by tftp of a new compromised image using say, a compromised windows workstation in the target network to do the serving.

      You would have to completely replace the stock uboot on such routers to remove the small 3 second window.

      • Usually the only network interface UBoot is configured to use is on the local network side, on a wired interface and the IP address used is non-routable. You are not getting your alternate firmware loaded without being physically present with the router, connected by a wire, so some external party isn't going to compromise your router this way...

        • Usually the only network interface UBoot is configured to use is on the local network side, on a wired interface and the IP address used is non-routable.

          Which means if they compromised a machine on your LAN you're hosed. They now have your router firmware firmly under their control.

          Who needs an intercept in the ISP, lawful or otherwise, when they can have your router send them copies of whatever they want. (Not to mention using it to attack any other devices behind it and cooperate with malware on them.)

            If they have a compromised machine on your network, you are hosed in more ways than them being able to change your router firmware. I think the biggest risk at that point is someplace else...

      • You would have to completely replace the stock uboot on such routers to remove the small 3 second window.

        There are replacement uboots for many devices. I'm not up on which routers have 'em. I replaced the uboot on my pogoplugs to make them better debian hosts. I may even start using the net booting feature.

  • It seems every few months someone discovers a vulnerability in a home router, and some websites even test multiple routers in a security "shoot-out". I've been reading these reports for years, but I've never seen an Apple router mentioned. Are Apple routers that much more secure or does no-one bother to test them?

  • Based on what my family knows from the intel agencies we worked in, it's a feature.

    What, you thought you lived in a Free Society, with Rights?

  • by Anonymous Coward

    I think most consumer grade routers are more inclined to be designed for simplicity of setup than security. Even today, a lot of tech challenged consumers find setting up a router challenging. But most router makers at least default to a secure wireless connection. Although plenty of end users never bother to change the Administrative password. Unfortunately security is not just about device makers taking steps. But rather the end user becoming smarter about how they should protect themselves. I think consu

  • I have a Netgear N300 Wireless Router Model WNR2000v2. I have no WiFi devices.

    In the router manager Web pages, I unchecked the checkboxes for "Enable Wireless Router Radio" and "Turn Remote Management On". I also unchecked all of the checkboxes under "Guest Network Settings", "Wireless Settings", and "Wireless Repeating Function". The wireless LED indicator on the router is not lighted.

    Therefore, I expect this is not a problem for me.

  • Don't you love the professionalism and issue escalation of the NETGEAR support team? Shows that we, the mere mortals, are not alone here at all!

    If even the security research guy can't get them to stop sitting on their arses, what the mere mortals without such pressing issues are left to do when they encounter the various bugs here and there?
