Once again the NetGear Routers are in the headlines for a serious security issue, nearly 500o devices are exposed to DNS Monitoring.
The security researcher Joe Giron has discovered a serious vulnerability in Netgear router that could be exploited by attackers to change the Domain Name System (DNS) settings of the targeted Netgear routers.
By changing the DNS setting an attacker has different attack options, he can hijack traffic for espionage or to redirect victims to malicious domains that host exploit kits which serve malware.
Giron has disclosed its findings to the BBC, he noticed that someone hacked his router on September 28 and changed the Domain Name System (DNS) settings.
“Joe Giron told the BBC that he discovered altered admin settings on his personal router on 28 September. The compromised router was hacked to send web browsing data to a malicious internet address.” states the post published by the BBC.
Giron reported the hack to Netgear firm, the response of the company was not convincing because it admitted the existence of the flaw affecting its devices, but remarked it “affects fewer than 5,000 devices.”
Giron and the other 5000 users have no choice, they have to turn off their NetGear router … and this is what the researcher has done.
Jonathan Wu, senior director of product management at Netgear confirmed that the flaw affecting the devices is very serious.
“Is it serious? Yes, it definitely is.” said Wu.”Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don’t want it to go to.”
However, in the “hack” of the Giron’s NetGear router, the device settings had been configured in a way that he has not disabled the security setting, so how the attacker accessed the network remotely?
According to security researchers Daniel Haake and Alexandre Herzog of Compass Security in Switzerland, the security flaw allows attackers to gain access to the router settings without needing to provide login credentials,
Mr Giron believes that attackers gained the remote access because his NetGear router settings had been configured to allow access from outside his network.
Netgear announced that a patch will be released by October 14 to solve the issue.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.