NetGear Router Exploit?

http://www.bbc.co.uk/news/technology-34491583

"Is it serious? Yes it definitely is," said Jonathan Wu, senior director of product management at Netgear, one of the top three router brands in the US.
"Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don't want it to go to."
However, Mr Wu added that attackers would have to get access to the network first and then guess the admin password.
Mr Giron thinks that in his case, access was gained because his router settings had been configured so that they could be accessed remotely."

So..where's the exploit? The owner chose to configure their router so that it was visible from the WAN then someone else guessed the password and reconfigured the DNS settings.

Possibly it's just a badly written article but I don't see anything here that needs a firmware update.

In reply to a post by Andrue:

... but I don't see anything here that needs a firmware update.

Possibly a brainware update to choose a better password for remote access

Affects just 5,000 routers too if what I read was correct.

In reply to a post by Andrue:

...Possibly it's just a badly written article...

I agree - a mention of the router model would have made sense!

In reply to a post by MrSaffron:

Affects just 5,000 routers too if what I read was correct.

Perhaps that's the number of people Netgear have estimated to have configured their router for WAN access

Anyway glad I hadn't missed some important technical detail in the article.

Better still, change the admin username.

In reply to a post by Andrue:

Mr Giron thinks that in his case, access was gained because his router settings had been configured so that they could be accessed remotely."

So..where's the exploit? The owner chose to configure their router so that it was visible from the WAN then someone else guessed the password and reconfigured the DNS settings.

Wonder if it's anything to do with this?

There was a long list of domestic/SME routers which were supposedly vulnerable to this exploit but I can't find the link.

Can't do that on (some) Netgear routers

In reference to kb.netgear.com/app/answers/detail/a_id/12923/~/router-initial-setup...:

Can I change the router login username to something other than admin?

No, the router login username cannot be changed. Only the admin password can be changed.

Edited by cheshire_man (Sat 10-Oct-15 16:50:04)

Agreed, this one doesn't look like an exploit to me. I suppose router manufacturers could hand-hold by issuing every router with a unique admin password, or refusing to open WAN-side admin with the default password, but it's not what I'd call an exploit.

D-Link however have had multiple routers which can have their DNS servers altered by an unauthenticated attacker issuing a single HTTP request to their routers, including TalkTalk's popular DSL-3680: http://www.ispreview.co.uk/index.php/2015/03/uk-isp-...

Edited by Oliver341 (Sat 10-Oct-15 17:54:26)

That shows how often I changed it on my four Netgears .