Two arbitrary code execution vulnerabilities affecting a number of Netgear routers aimed at small businesses have been patched following research by Immersive Labs.
The vulns rely on authenticated access to affected devices, so they aren't an immediate threat. They do, however, allow someone with remote access to the router to pwn the device's underlying OS, threatening the security of data passing through the router.
Helpfully, Netgear itself publishes default login credentials for "most" of its products on its website. If you haven't been into your Netgear router's admin panel and changed these default creds, you're at increased risk.
"This kind of command injection also adds persistence which means even if the router is restarted or updated, the vulnerability can persist," said Immersive Labs in a blog post about its findings.
Affected router and Wi-Fi extender models, according to Netgear's own patch notes, are:
Immersive said it had found a third exploitable vuln disclosing the device's serial number, which is used in Netgear's password reset process as an authentication measure.
"Netgear strongly recommends that you download the latest firmware as soon as possible," said Immersive.
Immersive's Kev Breen, director of cyber threat research, said although these vulns rely on having a valid username and password combination for an affected device, that isn't an automatic reason for shrugging one's shoulders: "There is still a valid threat surface and whilst it remains in the realms of 'Hackers Could' it is always important when considering security vulnerabilities to look past the traditional exploit methods and put yourself in the shoes of an attacker. How could they abuse this?"
With Britain making moves to ban default admin credentials, this kind of problem should decrease in future.
On the flip side, there are already millions of routers in use today which don't comply with these proposed new regulations – so these kinds of vulns will continue to persist for a few years yet.