[Infowarrior] - Netgear working to fix flaw that left thousands of devices open to attack

Richard Forno rforno at infowarrior.org
Mon Dec 12 16:37:24 CST 2016


Netgear working to fix flaw that left thousands of devices open to attack

Several routers in the Nighthawk line affected, CERT recommends customers discontinue use

CSO | Dec 12, 2016 4:00 AM PT

A remotely exploitable vulnerability in the Nighthawk line of Netgear routers was disclosed on Friday.

The flaw leaves customers exposed to having their connections hijacked, as someone exploiting the vulnerability can take complete control of the device. Despite having months to address the problem, Netgear has yet to publish a fix.

The vulnerability was discovered in August by Andrew Rollins, a security researcher from St Louis, MO. Rollins, who uses the handle Acew0rm, notified Netgear about the problem on August 25, but the company never responded to him. After waiting a few months, Rollins disclosed the vulnerability to the public, where it was brought to the attention of CERT.

If exploited, an attacker could issue basic commands to the device by appending them to the end of a specially crafted URL. Such commands could enable Telnet, or otherwise provide full control to the attacker.

< -- >

http://www.csoonline.com/article/3148695/security/netgear-working-to-fix-flaw-that-left-thousands-of-devices-open-to-attack.html

--
It's better to burn out than fade away.



