More wireless router firmware flaws, warns researcher
A security researcher has warned of more security holes affecting wireless routers, after flaws were discovered in firmware from D-Link and Netgear.
Tripwire researcher Craig Young said that he was working with several manufacturers to patch firmware holes, though he didn’t say which companies.
His comments come after a slew of reports from researchers on firmware holes, with the latest reported by Tactical Network Solutions researcher Zachary Cutlip.
“Unfortunately command injections like the Netgear one Zachary Cutlip and I both came across are all too common in embedded systems,” said Young. “There are a lot of consumer routers with these types of issues – [I’m] working with several vendors on this stuff at the moment.”
Cutlip last week discovered an authentication bypass vulnerability in the firmware for Netgear’s N600 Wireless Dual-Band Gigabit Router.
Analysing firmware for the WNDR3700v4 model, Cutlip found hackers could potentially bypass the authentication process on the router’s web-based controls. Another researcher exposed a similar flaw on the N900 router in April.
Netgear said it would patch the hole next month, and pointed out that any attack would require a hacker to be on the router’s LAN through Wi-Fi, a wired connection or via remote access.
Earlier this month, D-Link issued emergency patches after another researcher, Craig Heffner, discovered a backdoor that allowed hackers remote access to admin settings.
Some researchers have advised switching to open-source firmware, such as DD-WRT, as a more secure alternative. However, Young said he had found a command-injection vulnerability in DD-WRT Version 24 Service Pack 2 that could allow a hacker to launch a denial-of-service attack.
“A remote attacker can potentially use [a cross-site request forgery] from an authenticated client to remotely execute commands on the router as the root user,” he said. “This is also an easy way to DoS a system since you could potentially force it into a reboot loop.”
Young advised users to check regularly for firmware updates and to take steps to secure their network, such as revoking remote access and changing from the default password.