Microsoft has detected a series of security vulnerabilities in Netgear routers that have the potential to compromise the data and other security layers of the affected router systems.
Critical Netgear security vulnerabilities:
Cybersecurity researcher Jonathan Bar Or, who is part of Microsoft 365 Defender Research, was responsible for finding the Netgear router vulnerabilities.
According to the Microsoft research, three security vulnerabilities were found to affect Netgear DGN-2200v1 series routers running firmware version 220.127.116.11. The security holes had the potential to let malicious entities get access to any device’s internal systems.
The researchers detected the vulnerabilities after observing peculiar patterns in the router’s management port. While the communication was protected with TLS encryption, it was still flagged as an anomaly when machine learning models were applied.
Further research into these peculiar patterns revealed three HTTPs authentication flaws within the Netgear routers.
Microsoft detailing three critical bugs:
The first security vulnerability allowed the research team to access any page on a device. What is even more concerning is that some of these pages were supposed to require authentication. This was made possible by appending GET variables containing particular substrings to requests, which resulted in a full authentication bypass.
The second security bug allowed attackers to mount side-channel attacks on the devices. It was a consequence of improper verification of users via HTTP headers.
The third vulnerability used the prior authentication bypass bug to extract the router’s configuration restore file, which was encrypted using a constant key, “NtgrBak,” allowing remote attackers to decrypt and extract stored secrets.
After the research, the Microsoft Security Vulnerability Research program made Netgear aware of these critical security vulnerabilities.
The Netgear security vulnerabilities were subsequently patched and addressed in a security advisory in December.
The bugs have been assigned the identifiers PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365 and have been issued CVSS severity scores of between 7.1 and 9.4, rating them as critical.
Netgear users are advised to install the latest firmware version available for their routers.