Изилдөөчү эки Netgear Nighthawk роутерлеринде бир нече алсыздыктарды тапты

A security researcher has discovered a total of 11 serious vulnerabilities in recent firmware updates for the Netgear Nighthawk routers. The vulnerabilities have been patched by Netgear. For example, the routers store usernames and passwords in plaintext.

Tenable коопсуздук компаниясынын изилдөөчүсү Джими Себре тапкан кемчиликтер Nighthawk R6700v3 AC1750-камтылган программа нускасын 1.0.4.120 and in the Nighthawk RAX43, firmware version 1.0.3.96. The vulnerabilities vary, but are all serious to critical according to the researcher, and furthermore not all have been patched by Netgear.

The most critical vulnerability is registered as CVE-2021-45077 for the RS6700 and CVE-2021-1771 for the RAX43. The routers store usernames and passwords for the device and provided services in plaintext on the routers, also the admin password is in plaintext in the primary configuration file of the router, Бул тууралуу Себре өзүнүн сайтында жазат.

In addition, there is a risk that those usernames and passwords will be intercepted. In the RS6700v3, because the routers стандарттык HTTP колдонууand, instead of Https, for all communication with the web interface. Also the SOAP interface, on port 5000, байланыш үчүн HTTP колдонот, сырсөздөрдү жана колдонуучу аттарды кармоого мүмкүндүк берет.

SOAP интерфейси

Андан тышкары, роутер инъекциянын буйругуна алсыз аутентификациядан кийинки буйрук киргизүү катасы in the update software of the device. Triggering an update check through the SOAP interface leaves the device vulnerable to takeover via preconfigured values. Also, the UART console жетишсиз корголгон, бул UART порту аркылуу түзмөккө физикалык мүмкүнчүлүгү бар ар бир адамга аутентификациясыз туташуу жана тамыр колдонуучу катары тапшырмаларды аткарууга мүмкүндүк берет.

Also, the router uses hard-coded credentials for certain settings, so that a user cannot normally adjust certain security settings. These are encrypted, but according to the researchers табууга салыштырмалуу оңой with publicly available tools, allowing settings to be adjusted by anyone with access to the router. In addition, the router exploits several known vulnerabilities in jQuery libraries and in minidlna.exe, while more recent versions are available.

Netgear Nighthawk R6700

The vulnerabilities in the RS6700 have a CVE score of 7.1 on a scale of 1 to 10. That’s serious, but not critical. The main reason is that an attacker must have physical access to the router in order to exploit the vulnerabilities. In addition, exploiting the vulnerabilities in the SOAP interface is only possible if an attacker is already logged in. The vulnerabilities for the RAX43 have a score of 8.8 out of 10.

RAX43 демейки боюнча HTTP колдонот, деп жазат Sebree, and the uses the same bad jQuery libraries and vulnerable version of minidlna.exe. In addition, the RAX43 firmware has a vulnerability caused by two bugs. The first is a buffer overrun vulnerability, the second a command injection vulnerability. Combining the two allows someone to perform remote tasks as root, without authentication.

Netgear Nighthawk RAX43

Sebree writes that Tenable has notified Netgear of the vulnerabilities on September 30. Although Netgear initially responded to the report of the vulnerabilities in early October, it took a long time before anything was done about it. December 29, Netgear Интернетте алсыздыктар үчүн эскертүү коюңуз. There are also now орнотулган программаны жаңыртуу үчүн routers put online. Sebree decided on December 30 to disclose the vulnerabilities under the guise of responsible disclosure, even though Netgear has not yet actively pushed the firmware updates to users.

The Nighthawk RS6700 is a series of routers mainly aimed at home use. It is listed as the AC1750 Smart WiFi Router in the Pricewatch, and has been available since July 31, 2019. The vulnerabilities are in the роутердин үчүнчү версиясы. The RAX43 has been available since December 30, 2020.