http://www.bbc.co.uk/news/technology-34491583
"Is it serious? Yes it definitely is," said Jonathan Wu, senior director of product management at Netgear, one of the top three router brands in the US.
"Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don't want it to go to."
However, Mr Wu added that attackers would have to get access to the network first and then guess the admin password.
Mr Giron thinks that in his case, access was gained because his router settings had been configured so that they could be accessed remotely."
So... where's the exploit? The owner chose to configure their router so that it was visible from the WAN then someone else guessed the password and reconfigured the DNS settings.
Possibly it's just a badly written article but I don't see anything here that needs a firmware update.
---
Andrue Cope
Brackley, UK
|
|
|
... but I don't see anything here that needs a firmware update.
Possibly a brainware update to choose a better password for remote access
|
|
|
Affects just 5,000 routers too if what I read was correct.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
...Possibly it's just a badly written article...
I agree - a mention of the router model would have made sense!
|
|
|
Affects just 5,000 routers too if what I read was correct.
Perhaps that's the number of people Netgear have estimated to have configured their router for WAN access
Anyway glad I hadn't missed some important technical detail in the article.
---
Andrue Cope
Brackley, UK
|
|
|
Better still, change the admin username.
The indispensable man or woman passes from the scene, and what happens next is more or less the same thing as was happening before.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 59999/14372kbps @ 600m. - BQM
|
|
|
Mr Giron thinks that in his case, access was gained because his router settings had been configured so that they could be accessed remotely."
So... where's the exploit? The owner chose to configure their router so that it was visible from the WAN then someone else guessed the password and reconfigured the DNS settings.
Wonder if it's anything to do with this?
There was a long list of domestic/SME routers which were supposedly vulnerable to this exploit but I can't find the link.
|
|
|
Can't do that on (some) Netgear routers
Can I change the router login username to something other than admin?
No, the router login username cannot be changed. Only the admin password can be changed.
Tony
We have more and more laws, and less and less enforcement
Edited by cheshire_man (Sat 10-Oct-15 16:50:04)
|
|
|
Agreed, this one doesn't look like an exploit to me. I suppose router manufacturers could hand-hold by issuing every router with a unique admin password, or refusing to open WAN-side admin with the default password, but it's not what I'd call an exploit.
D-Link however have had multiple routers which can have their DNS servers altered by an unauthenticated attacker issuing a single HTTP request to their routers, including TalkTalk's popular DSL-3680: http://www.ispreview.co.uk/index.php/2015/03/uk-isp-...
Oliver.
Edited by Oliver341 (Sat 10-Oct-15 17:54:26)
|
|
|
That shows how often I changed it on my four Netgears.
The indispensable man or woman passes from the scene, and what happens next is more or less the same thing as was happening before.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 59999/14372kbps @ 600m. - BQM
|
|
|
http://seclists.org/fulldisclosure/2015/Oct/29
It's an authentication bypass. Vulnerabilities in router web servers are incredibly common. Never enable remote web administration on a router.
|
|
|
|
Says no fix as of yet. Surely a simple fix is to disable remote access?
|
I've got a VPN server running on our network in order to configure, administrate and access the network remotely so basically you've to create a secure tunnel with a certificate into the network first.
The only open ports are for the web servers and HTTPS NAS access (via proxy server).
I think it's more secure to do it that way rather than opening the Netgear router or any other device on the network to be configured by WAN admin access.
|
|
|
http://seclists.org/fulldisclosure/2015/Oct/29
It's an authentication bypass. Vulnerabilities in router web servers are incredibly common. Never enable remote web administration on a router.
Similar to the D-Link one then, unauthenticated access to WAN-side admin. I use remote admin only when I can firewall all addresses other than the one that needs access.
But still, there's no excuse for such vulnerabilities.
Oliver.
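Added example, not part of any post in this thread: a small audit of the practice described above (remote admin reachable only from one permitted address), written for a Linux-based gateway whose rules can be dumped with iptables-save. The WAN interface name, the admin ports and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
import shlex

WAN_IFACE = "eth0"                    # assumed name of the WAN-side interface
ADMIN_PORTS = {"80", "443", "8080"}   # assumed web-admin ports (single ports only)

# Constructed iptables-save excerpt, not taken from any real router.
SAMPLE_RULES = """\
-A INPUT -i br0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -s 203.0.113.7/32 -p tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -s 0.0.0.0/0 -p tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p udp --dport 1194 -j ACCEPT
-A INPUT -i eth0 -j DROP
"""

def parse_rule(tokens):
    """Map each option flag to the token that follows it."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1])
            if t.startswith("-")}

def source_is_restricted(src):
    """True only when the rule names a source narrower than 'anyone'."""
    if src is None:
        return False
    return ipaddress.ip_network(src, strict=False).prefixlen > 0

def exposed_admin_rules(rules_text):
    """Return INPUT rules that accept admin-port traffic from any WAN address.

    Findings are candidates for review: rule ordering is not evaluated, and
    rules using '!' negation are flagged conservatively.
    """
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "INPUT"]:
            continue
        opts = parse_rule(tokens)
        on_wan = opts.get("-i") in (None, WAN_IFACE)  # no -i means every interface
        restricted = "!" not in tokens and source_is_restricted(opts.get("-s"))
        if (on_wan and opts.get("-j") == "ACCEPT"
                and opts.get("--dport") in ADMIN_PORTS and not restricted):
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    for rule in exposed_admin_rules(SAMPLE_RULES):
        print("admin port open to any WAN source:", rule)
```
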
|
|
|
However, Mr Wu added that attackers would have to get access to the network first and then guess the admin password.
That sentence doesn't seem to be in the article? Was it in there and they've deleted it?
The article suggests the password is not needed as the vulnerability is you can access the router bypassing the security. If the password is needed then it is not a security flaw as such as they were just changing DNS settings which is something you can do if you have the password.
|
|
|
However, Mr Wu added that attackers would have to get access to the network first and then guess the admin password.
That sentence doesn't seem to be in the article? Was it in there and they've deleted it?
Yes, they've edited it. It now more closely reflects the information posted here.
---
Andrue Cope
Brackley, UK