Netgear router vulnerabilities could put small businesses at risk



Netgear has released updated firmware for its small business routers and Wi-Fi extenders after security researchers at Immersive Labs discovered multiple vulnerabilities across several models.

If exploited, these vulnerabilities could be used to gain unauthorized access to devices or even modify internal file systems, according to a new blog post from the cybersecurity firm. An attacker could do this to affect the traffic passing through the device.

Two vulnerabilities, tracked as PSV-2021-0169 and PSV-2021-0172, make it possible to gain authenticated access to affected Netgear devices. Once that is done, an attacker can modify the settings in the administration panel to run arbitrary commands on the victim’s router. This type of command injection also adds persistence, meaning that the vulnerability may remain on the affected device even if the router is restarted or updated.

Additionally, the command can be used to open other ports or to allow command line access over a network to a victim’s operating system. With operating system access, a malicious user can significantly affect the availability of one of Netgear’s routers and the data passed through it.

reset router password


Another vulnerability, tracked as PSV-2021-0171, discovered by Immersive Labs in Netgear’s routers, could have been exploited by an attacker with access to a local network.

By doing so, they can make a request to the router’s UPnP port and see the device serial number. While it may seem harmless enough at first, keep in mind that this serial number is used as part of the password reset function on most Netgear devices.

Although security researchers at Immersive Labs consider the chances of an attacker exploiting these vulnerabilities to be low, a legitimate threat remains. By taking advantage of these three vulnerabilities, it is possible to add new files and configurations to any affected device that can even survive a device reset. It would also be possible to block future firmware updates to keep the compromised device in this state.

Thankfully, Netgear has now released patches for all of its affected small business routers that you can download here.
