banner



Millions of Wi-Fi routers vulnerable to hacker attack — what you need to do

Millions of Wi-Fi routers vulnerable to hacker attack — what you demand to exercise

Lifestyle image of the Netgear Nighthawk R6700 Wi-Fi Router on a desk next to a computer monitor.
(Paradigm credit: Netgear)

UPDATED Jan. 15 with annotate and information from TP-Link.

A severe security flaw could let malicious hackers attack and take over millions of home Wi-Fi routers over the internet, researchers disclosed today (Jan. 11).

So far, simply Netgear is known to have released patches for its afflicted models, although routers fabricated by Edimax, D-Link, Tenda, TP-Link and Western Digital are also believed to be vulnerable.

"This vulnerability affects millions of devices around the world and in some instances may exist completely remotely accessible," wrote Spotter Labs researcher Max van Amerongen in a visitor blog post.

Successful router hijacks would let a hacker command all aspects of a victim'south internet traffic and stage further attacks such as sending users to phishing sites or infecting other devices on the network.

While there are no known exploits of this flaw in the wild still, Van Amerongen added that "there is a chance that one may become public in the future despite the rather significant complexity involved in developing one."

Which router makers are doing what

If you take one of the three Netgear models known to be vulnerable — the D7800, R6400v2 and R6700v3 — nosotros have update instructions below.

For its part, D-Link has posted a brief annotation on its website stating that the company is "currently investigating this reported security consequence" and "volition provide further updates as soon as we accept more information."

A D-Link spokesperson told united states that the company has not used the affected software in new models for several years following a similar vulnerability discovered in 2015.

Equally for the other router brands, we've sent them requests for information and will update this story when we receive replies.

In the meantime, we suggest that users of those other brands bother the manufacturers' tech-support teams with email messages asking for information nearly which models might be affected and if and when the router makers plan to set the flaw.

Where the problem lies

The problem exists in NetUSB, a Linux kernel module developed by Taiwanese company KCodes that lets devices — such equally a printer or network-ready storage drive — get local-network access through the router's USB port.

Van Amerongen of Sentinel Labs noticed that NetUSB listens for not only local-network commands on port 20005, but internet commands as well, with no countersign or other authentication required.

He found it possible to create a memory-buffer overflow by sending NetUSB specific commands on that port number, gaining control over a router'southward Linux kernel. Needless to say, that'south not expert. Van Amerongen admitted that for technical reasons, doing this properly was a bit tricky merely still viable for skilled attackers.

"While these restrictions make information technology difficult to write an exploit for this vulnerability," he wrote, "we believe that it isn't incommunicable so those with Wi-Fi routers may need to await for firmware updates for their router."

How to update afflicted Netgear routers

Sentinel Labs notified KCodes of the flaw on Sept. 9, 2021, and a NetUSB patch fixing the flaw was issued to vendors on Oct. four. Netgear'south patches were released on Dec. twenty.

The iii Netgear models affected are the D7800, otherwise known as the AC2600 WiFi VDSL/ADSL Modem Router; the R6400v2, aka the AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit; and the R6700v3, also known as the Nighthawk AC1750 Smart WiFi Dual Ring Gigabit Router.

Netgear has this addiction of marketing its routers according to their technical specifications rather than their actual model numbers, and every bit a result customers volition have to cheque their routers for stickers that designate the model number.

All three models affected look like the router in the photo above, except that the D7800 has four antennae while the other ii have three. Note that there are earlier versions of the R6400 and R6700 that look identical but have different innards and are either non afflicted by this flaw or have reached the end of their working lives (and hence need to exist replaced).

Fortunately, the master firmware-update procedure on all three models is the same and not difficult. (The R6400v2 and R6700v3 are also compatible with the Netgear Nighthawk smartphone app for iOS and Android, so if yous have that installed on your phone, only use the app.)

Yous offset need to access the router's administrative interface from a estimator connected to the router's network, which you tin can practise by opening a web browser and typing either "www.routerlogin.internet", "192.168.1.one" or "192.168.0.1" into the address bar and hit Render or Enter on your keyboard.

Log into the admin interface with the administrative credentials. The username is probably "admin," unless you changed information technology, plus the admin countersign that y'all chose when you fix up the router.

If you didn't change that admin password, and so it's probably just "password," and you absolutely need to change it to something stronger as soon as y'all're done with this chore.

In one case yous've logged into the admin interface, click the "Avant-garde" tab, then "Administration," and finally "Router Update." A new page will load, and you need to click "Check." If an update is available, click Yes to the prompt that asks you whether you lot want to download and install the update.

The router volition download the update and restart. Once it's washed, you'll need to log back into the admin interface over again and follow the same path to the router-update page.

Check to see that the most recent firmware update has been installed. For the D7800, you want firmware version 1.0.1.68; for both the R6400v2 and the R6700v3, it's firmware version 1.0.4.122.

What if you lot can't remember your admin countersign?

What practice y'all exercise if you've completely forgotten your admin password and tin can't log into the interface? And so you need to factory-reset the router by pressing the reset push on the dorsum.

Unfortunately, you lot'll and so need to go through the entire setup procedure again, merely that's still better than having a vulnerable router.

Late on Jan. 14, a TP-Link representative told the states that some of its routers were indeed affected by this flaw, and nosotros were directed to this TP-Link support page for more than information: https://world wide web.tp-link.com/us/support/faq/3279/

Three models, the Archer C7 V5, Archer C1200 V2 and Archer C5400 V1 take patches bachelor. Instructions for installing the patches are on the TP-Link support page.

The TP-Link representative told us that patches for other models were being developed.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has too been a dishwasher, fry cook, long-booty driver, code monkey and video editor. He'south been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'south Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Goggle box news spots and even moderated a panel discussion at the CEDIA home-technology conference. You tin can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/router-attack-netusb-flaw

Posted by: birknerty1950.blogspot.com

0 Response to "Millions of Wi-Fi routers vulnerable to hacker attack — what you need to do"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel