Serious Vulnerability in Netgear WiFi Routers: How to Update the Firmware

Routers are among the most sensitive devices we have in the home. Their security must be scrutinized down to the last detail, since any vulnerability in them can expose our entire network and home devices to spying. Now, Netgear has been hit by a serious vulnerability that affects one of its router series.

Specifically, the affected series is the DGN2200v1, a series of WiFi 4 routers for ADSL that a group of researchers claim can be used as an entry point to take complete control of a network.

Three vulnerabilities up to 9.4 severity

The three vulnerabilities have CVSS scores ranging from 7.1 to 9.4 and affect all routers that have not been updated to firmware 1.0.0.60, which the company released in December 2020 to solve the problem. We are only learning of the vulnerabilities now, six months later, to give users a margin to apply the new firmware manually.

The vulnerability basically allows full access to the router's management pages by skipping the authentication process, so an attacker can remotely gain full control of the router. With that access, the attacker can obtain the credentials stored in the router, including username and password, through the router's backup and restore function, and can even reset the router to factory settings or open router ports to make it even more vulnerable.

The encryption of the passwords is quite weak, so the attacker only has to use a dictionary attack to obtain them; in addition, the encryption key used is the same constant for all the credentials generated on these router models.

It is important to have the router always updated

The vulnerabilities were discovered by the Microsoft 365 Defender research team, which warns that more and more security flaws of this type are being found. Ransomware attacks through devices that are publicly reachable from the Internet are also increasingly common. It is therefore necessary to analyze the security of every Internet-connected device we have at home, even those that seem more innocuous or whose software serves only to manage the device on which it is installed, as is the case with routers.

To install the latest version of the firmware, go to the official Netgear website, enter the affected router model, and open the download section. The latest firmware version available will appear there. Even if your model is not among those affected, it is recommended that you check your router manufacturer's web pages to confirm that you are running the latest version and are thus as protected as possible against all kinds of vulnerabilities. Fortunately, most fiber routers have automatic update mechanisms, but on ADSL routers this option was conspicuous by its absence.
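
For anyone responsible for more than one router, the check described above can be scripted. The following is an added example, not code from the article, Netgear or Microsoft: it flags DGN2200v1 entries whose firmware is older than 1.0.0.60. The inventory layout, host names and sample version strings are constructed assumptions.

```python
import re

AFFECTED_MODEL = "DGN2200v1"      # series named in the article
FIXED_VERSION = (1, 0, 0, 60)     # firmware the article says solves the problem


def parse_version(text):
    """Return the leading four-field dotted version as a tuple of ints, or None."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+){3})", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def assess(model, firmware):
    """Classify one entry: 'not-affected', 'patched', 'vulnerable' or 'unknown'."""
    if model.strip().lower() != AFFECTED_MODEL.lower():
        return "not-affected"
    version = parse_version(firmware)
    if version is None:
        return "unknown"          # unreadable version: check the device by hand
    # Tuples compare numerically per field. Compared as plain strings,
    # "1.0.0.9" would sort after "1.0.0.60" and be reported as patched.
    return "patched" if version >= FIXED_VERSION else "vulnerable"


# Constructed sample inventory: (host, model, firmware string as reported).
INVENTORY = [
    ("office-adsl", "DGN2200v1", "V1.0.0.58"),
    ("home-adsl", "dgn2200v1", "1.0.0.60"),
    ("lab-adsl", "DGN2200v1", "V1.0.0.9"),
    ("spare", "DGN2200v1", "unknown"),
    ("fiber-gw", "OtherModel-X", "V2.1.0.3"),
]


def audit(inventory):
    """Map each host to its status."""
    return {host: assess(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:12} {status}")
```

Entries reported as `unknown` should be verified on the device itself rather than assumed safe.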