A warning has been issued about what appears to be a serious security issue affecting several Netgear WiFi routers, and could result in hackers stealing sensitive information, including admin passwords and wireless keys.
Details of the vulnerability were published (alongside proof-of-concept exploit code) by security researcher Peter Adkins, who explained that the flaw lay in the SOAP service embedded inside the vulnerable Netgear routers.
SOAP (Simple Object Access Protocol) is used by the Netgear Genie desktop app to provide an easy way for users to peform a number of functions on their router, including setting up parental controls, changing wireless credentials etc.
Adkins found a way to send carefully-crafted HTTP requests to the SOAP service embedded inside the routers, tricking them to execute commands without the session having been authenticated. Sensitive information can then be accessed.
In short, someone malicious connected to your WiFi network could exploit the vulnerability to obtain the administrator password, details of the wireless network, the device’s serial number and details on what clients are connected to the router.
But things get even worse if you have enabled remote management on a vulnerable Netgear router, as hackers could then exploit them remotely across the internet.
It is reported that the vulnerability has been confirmed to be present in the NetGear WNDR3700v4, NetGear WNR2200, NetGear WNR2500, NetGear WNDR3700v2, NetGear WNDR3700v1, NetGear WNDR4300, NetGear R6300v2, and NetGear WNDR3800. In addition it is believed that the NetGear WNDRMAC, NetGear WPN824N and NetGear WNDR4700 may also be affected, and Adkins warns that the vulnerability may also be present in other devices not yet known about.
Adkins claims that he attempted to explain the issue to Netgear’s support team in January (having failed to find a more direct route to raise a security issue) but was disappointed with their response:
The initial response from NetGear support was that despite these issues “the network should still stay secure” due to a number of built-in security features. Attempts to clarify the nature of this vulnerability with support were unsuccessful. This ticket has since been auto-closed while waiting for a follow up. A subsequent email sent to the NetGear ‘OpenSource’ contact has also gone unanswered.
So, what should you do? Well, while you are waiting for a security patch from Netgear the most sensible courses of action would appear to be to ensure that remote management is disabled on your device, and only allow trusted devices to access your local network.
You may also wish to lobby Netgear to set up a clear and obvious channel through which security vulnerabilities should be reported, as it appears that Adkins’ attempts to find someone who understood the seriousness of the issue inside Netgear’s regular technical support team failed.