-
Netgear router vulnerability found (again), what can you do?
Recently, researchers found an unpatched zero-day vulnerability in Netgear routers that potentially puts 79 device models at risk.According to the Zero Day Initiative:
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
In essence, this vulnerability enables an attacker to take control of your router without knowing the router password.
Worse yet, since the vulnerability occurs before the Cross-Site Request Forgery (CSRF) token is checked, an attacker can break into your router when you browse a web page that contains malicious content..
News, but nothing new
While this story may sound new, it is actually a repeating story. Enter “netgear router csrf” into Google, I found similar stories year after year.
What can you do?
Here are several things you can do:
- Update your router firmware when the patch is released
- Buy a new router
- Flash your router with open source firmware, such as OpenWrt or DD-WRT
- Buy a router built with open source firmware, such as pcWRT
The caveat with option 1 is, for some devices in the vulnerable list, Netgear no longer releases updates. Even if you get an update or get a new router, are you sure the same type of vulnerabilities won’t come back to bite you next year?
In our opinion, switching to open source firmware is the only viable option in the long run. Open source projects usually release security updates faster, and they support legacy hardware longer.
What can you do if none of the above is an option?
At the very least, you should try to stop CSRF. To do it properly, you need three steps:
- If you are using the default router password, change it. Choose a strong password. People have different opinions about what “strong” means, but you can’t go wrong with “long”.
- Change your router’s IP address. The hacker needs to know your router’s IP address in order to carry out a CSRF attack. Avoid common router IP addresses such as 192.168.0.1, 192.168.1.1, etc. Something like 172.25.152.1 with netmask 255.255.255.0 would make it harder for a hacker to guess. But make sure you pick an ip address from the private IP address range.
- Disable WebRTC in all your browsers. WebRTC leaks your internal IP address, which defeats the purpose of step 2 above. Just Duck how to disable WebRTC to find out how.
Warning: do not install browser extensions to disable WebRTC. It is not necessary and it may bring additional security risks.
Recent Posts
- How to reset the pcWRT router
- How to create your SSH key and use it on the router
- How to reset router password by email
- How to set up SurfShark WireGuard VPN on the pcWRT router
- How to set up Proton VPN WireGuard on the pcWRT router
Recent Comments
- on How to create your SSH key and use it on the router
- on How to create your SSH key and use it on the router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to setup TunnelBear OpenVPN on the pcWRT router
- on How to enable native dynamic DNS on the pcWRT router
Archives
- April 2024
- March 2024
- August 2023
- May 2023
- February 2023
- June 2022
- December 2021
- November 2021
- August 2021
- January 2021
- December 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- February 2020
- January 2020
- December 2019
- October 2019
- December 2018
- August 2018
- July 2018
- June 2018
- January 2018
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- January 2017
- August 2016
- May 2016
- December 2015
- August 2015
- July 2015
- May 2015
- April 2015
- March 2015
Categories
