"Microsoft Reveals Authentication Failures, System Hijack Vulnerabilities in Netgear Routers"
Microsoft's team of security researchers discovered three vulnerabilities in Netgear DGN-2200v1 series routers, running firmware before v1.0.0.60. The researchers have stressed that these vulnerabilities could allow attackers to roam freely through an entire organization as their exploitation enables data leaks and full system compromise. The series of vulnerabilities were discovered after noticing strange behavior in a Netgear DGN-2200v1 router's management port. Although communication was protected with TLS encryption, it was still flagged as anomalous when Machine Learning (ML) models were employed. Further investigation of the router firmware revealed three HTTPd (Hypertext Transfer Protocol daemon) authentication flaws. The first vulnerability enables access to any page on a device, including those that should require authentication, such as router management pages. The second flaw allows the launch of side-channel attacks. This flaw stems from how the router verifies users via HTTP headers. The exploitation of this vulnerability could allow attackers to extract stored credentials. The third security flaw utilizes the previous authentication bypass bug to extract the router's configuration restore file, which was encrypted using a constant key. Remote attackers could use this vulnerability to decrypt and extract stored secrets. Netgear learned about these security issues through the Microsoft Security Vulnerability Research (MSVR) program and then patched them. The bugs have been issued CVSS severity scores between 7.1 and 9.4. This article continues to discuss the critical security bugs that allow the takeover of Netgear routers and the growing number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems.