This week, proof-of-concept code was published showing how to remotely take over 79 different models of Netgear routers through a flaw in the embedded HTTP server used for managing the device.
Not all routers have patches available, but you are encouraged to update your router's firmware if it is in the list below. Some of these routers go back to 2007, and some are many years past end of life, so patches may never be created.
More info, including affected firmware versions, will hopefully be posted by Netgear soon. Netgear was notified of this at the beginning of the year (2020) and asked for extensions to the public disclosure, but the latest extension has expired, so the disclosure has gone public. For now, checking for the latest firmware is the best path I know of, and checking again later this month and the next.
This was found by two independent security researchers at roughly the same time. Adam Nichols from GRIMM, a cybersecurity firm, says that 758 different firmware versions are affected, and I have included that listing as a text file.
01/08/20 – ZDI reported the vulnerability to the vendor
04/30/20 – ZDI contacted the vendor requesting a status update
05/01/20 – The vendor requested an extension until the end of June
05/05/20 – ZDI agreed on extension until June 15th
05/28/20 – ZDI requested a status update
05/29/20 – The vendor requested an extension until the end of June
05/29/20 – ZDI declined the request and notified the vendor the case would be published as 0-day on 06/15/20
A couple of the reference articles: https://www.zerodayinitiative.com/advisories/ZDI-20-712/
Affected routers according to the researchers:
Director of Security Services
Mainstream Technologies Inc.