Netgear fixed its firmware but has not yet released it

Oct 11, 2015 07:57 GMT

Vulnerabilities in some Netgear SOHO (Small Office Home Office) routers, discovered by security researchers at Shell Shock Labs and Compass Security, have been exploited in the wild, allowing attackers to redirect a user's Web traffic through their own servers.

Joe Giron reported the issue to the BBC, saying he was forced to investigate his router's behavior after he observed some Web traffic and reliability issues.

Since Mr. Giron was an avid user of Google's DNS servers, he was quick to spot the problem in his equipment's configuration.

According to researchers at Shell Shock Labs, the issue is that some router models allow attackers to change configuration settings without providing proper authentication credentials.

This issue affects at least 9 Netgear models (NETGEAR_JNR1010v2, NETGEAR_JNR3000, NETGEAR_JWNR2000v5, NETGEAR_JWNR2010v5, NETGEAR_N300, NETGEAR_R3250, NETGEAR_WNR2020, NETGEAR_WNR614, NETGEAR_WNR618). Netgear confirms that only around 5,000 of these devices are in use.

To exploit this bug, an attacker would only need access to the router's internal network, from where they could skip authentication procedures by accessing an unprotected HTML page.

This grants access to the full administration panel, from where attackers can set up MitM (Man-in-the-Middle) attacks by redirecting traffic through an intermediary point that they monitor.

Netgear did fix the issues in a beta firmware patch sent to Compass Security, but the fixed firmware has not yet been released to the public.

Netgear JWNR2010v5, one of the vulnerable routers
