More wireless router firmware flaws, warns researcher

A security researcher has warned of more security holes affecting wireless routers, after flaws were discovered in firmware from D-Link and Netgear.

Tripwire researcher Craig Young said that he was working with several manufacturers to patch firmware holes, though he didn’t say which companies.

His comments come after a slew of reports from researchers on firmware holes, with the latest reported by Tactical Network Solutions researcher Zachary Cutlip.

“Unfortunately command injections like the Netgear one Zachary Cutlip and I both came across are all too common in embedded systems,” said Young. “There are a lot of consumer routers with these types of issues – [I’m] working with several vendors on this stuff at the moment.”

There are a lot of consumer routers with these types of issues

Cutlip last week discovered an authentication bypass vulnerability in the firmware for Netgear’s N600 Wireless Dual-Band Gigabit Router.

Analysing firmware for the WNDR3700v4 model, Cutlip found hackers could potentially bypass the authentication process on the router’s web-based controls. Another researcher exposed a similar flaw on the N900 router in April.

Netgear said it would patch the hole next month, and pointed out that any attack would require a hacker to be on the router’s LAN network through Wi-Fi, a wired connection or via remote access.

Earlier this month, D-Link issued emergency patches after another researcher, Craig Heffner, discovered a backdoor that allowed hackers remote access to admin settings.

Common problem

Some researchers have advised switching to open-source firmware, such as DD-WRT, as a more secure alternative. However, Young said he had found a command-injection vulnerability with DD-WRT Version 24 Service Pack 2 which could allow a hacker to launch a denial-of-service attack.

“A remote attacker can potentially use [a cross-site request forger] from an authenticated client to remotely execute commands on the router as the root user,” he said. “This is also an easy way to DoS a system since you could potentially force it into a reboot loop.”

Young advised users to check regularly for firmware updates and to take steps to secure their network, such as revoking remote access and changing from the default password.

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.