UPDATE Hackers Start to Exploit New NETGEAR Router Security Flaws

Saturday, October 10th, 2015 (8:22 am) - Score 3,777

Consumers who own any one of several NETGEAR broadband router models (JNR1010v2, JNR3000, JWNR2000v5, JWNR2010v5, N300, R3250, WNR2020, WNR614, WNR618) could be vulnerable to two new exploits that may allow a remote attacker to gain full control of their device.

Apparently these exploits, which were first discovered during the summer and have only recently been published online (here and here), only work over the Internet if the router has Wide Area Network (WAN) Administration enabled (this is not normally switched on by default). Otherwise the hacker would need to be physically near to your network.

A successful attack would grant the hacker unauthenticated root access, which could allow them to do various things, such as snooping on your network traffic by changing your DNS settings so that any website requests and inputs run through compromised servers.

A related report on the BBC shows that such attacks are already happening, although it’s not yet a huge problem because not everybody will have their device open to remote access. But some hackers do drive around looking for vulnerable networks to exploit.

NETGEAR are clearly aware of the problem and taking it seriously; in fact, they’ve already developed a firmware fix, but they have yet to release an update for all of the affected routers. Device manufacturers can be lazy and tend to stop providing support for their routers after a few years, even though the kit may remain in use for a lot longer.

UPDATE 13th October 2015

The following is a new statement from NETGEAR, which yesterday released a new firmware fix for the stated router models.

A NETGEAR Spokesperson told ISPreview.co.uk:

“NETGEAR takes customer security very seriously. A firmware update has been released to address the issue: http://kb.netgear.com/app/answers/detail/a_id/29959. NETGEAR is proactively notifying registered users via email, plus customers can find the new firmware by checking the firmware page, desktop, and mobile Genie app.

NETGEAR encourages its customers to ensure WiFi security is turned on and that remote access functionality is turned off (both default settings in NETGEAR’s routers and gateways). NETGEAR also advises customers to change the default password for the router to prevent unauthorised devices from accessing your network.”

3 Responses
  1. tonyp

    Will the FCC rules about fixed firmware in routers (ISPreview passim) prevent such hacking? By hackers/thieves/governments? Or will that make it even more difficult to fix hacked routers?

    It would be nice to know what is actually being sent or received over the link between my gateway router and my ISP’s node. A mirror port. Intelligent wiretapping in other words. But that would open a new vulnerability. (A light bulb in my head has just flicked on in that I have an old ADSL router – I will be on ADSL for a while yet – which could be ‘T’ed into the cable with just the RX pair to listen to the wire. Hmm…..)

    • Tom

      ADSL doesn’t work that way. There is only one pair (two wires), carrying both send and receive.
      I have a Linux router with tcpdump or remote Wireshark 😉 However the BT Openreach modem could be injecting its own secret traffic on the VDSL layer and I wouldn’t know.

    • tonyp

      True, it was just a thought. I guess I could use OpenWRT on something. The lack of knowledge of what is on the wire reminds me of an old spoof cartoon of Busby (remember him of God’s Poor Orphans days) sitting at the top of a telegraph pole with a set of headphones listening. (Mind you, secret squirrel doesn’t have to go out in the wet and cold to tap a phone line.) I’m sure the new FCC rules will permit/mandate hooks in router code to allow the US security services (and their UK lapdogs) to listen in. Mind you, the Chinese probably have stolen a march on the US here – remember the fuss about Huawei. Russian router anyone?
