Flaws found by Microsoft in some Netgear routers could be used to breach the entire network

Jul 2, 2021 05:14 GMT

Microsoft identified vulnerabilities in Netgear routers while investigating the device fingerprinting functionality in Microsoft Defender for Endpoint. The company said in a blog post that it worked closely with the Netgear security team to resolve these problems as quickly and effectively as possible. 

The bug came to light after a device that did not belong to an IT staff member tried to access the management port of a DGN2200v1 router. Because the machine learning algorithms had flagged the connection as abnormal, the researchers investigated whether it had any security flaws that could be exploited in a hypothetical attack scenario.

Hackers can gain access to the router administration interface without any authentication 

Not only could attackers gain complete control of a router, but they could also access router management pages without the need for authentication. Furthermore, a cryptographic side channel attack can reveal stored router login information, and the configuration backup and restore feature can be used to get the credentials saved in the device's memory.

Typically, the data is protected with DES using a unique key, “NtgrBak”. This is beneficial to an attacker who is able to bypass the encryption in NVRAM and obtain the plaintext password. The same method can be used to access the user name.

Jonathan Bar Or of the Microsoft 365 Defender Research Team notes, "The continuous improvement of security solutions has forced attackers to explore alternative ways to compromise systems. The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer".

It is highly recommended that owners of the NETGEAR DGN2200v1 router download and install the most recent firmware in order to keep their devices secure and hence, counter any potential attack.