donlesno.blogg.se

Netgear smart wizard download mac












(Netgear maddeningly obscures its model numbers in its marketing materials; "AC1750" is a Wi-Fi specification, not a model number.) VNPT ISC's d4rkn3ss found this attack worked on a Netgear R6700 router, marketed under the name Netgear Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router. "Thus, our overflow in the update process is also able to be triggered without authentication."

As Nichols put it in his very detailed blog post: "1996 called, they want their vulnerability back."

"The entire update process can be triggered without authentication," Nichols wrote in a GitHub entry, which also includes a proof-of-concept exploit. From there, an input that was too long would trigger a buffer overflow - a very basic type of attack - that would give the attacker full power over the router, including the ability to run code on it.

'1996 called, they want their vulnerability back'

Both GRIMM's Adam Nichols and a VNPT ISC researcher identified only as "d4rkn3ss" discovered that they could use a specific text string on two different models to put the routers into update mode, bypassing the login process for the Netgear administrative interface.

The best way to avoid DNS rebinding attacks might be to change your router's DNS settings to the free OpenDNS Home service, which will let you filter out those IP addresses reserved for local networks so that no DNS requests go to them. The website could then use JavaScript or other code on the website to attack that device - in this case, a Netgear router.

If you were to land on the attacker's website, the attacker could quickly manipulate DNS settings so that a request for a particular website was changed to point to a device inside your home network. In a DNS rebinding attack, the attacker would have to control both a malicious website and a DNS server, one of the so-called "phone books" of the internet. There's also a risk that malicious actors could use DNS rebinding attacks to exploit this flaw, even on Netgear routers whose administrative settings are locked down, Lawrence Abrams at Bleeping Computer pointed out. Because IP addresses can randomly (albeit infrequently) change on the local network, you could end up being locked out of administrative access, and would have to factory-reset the router manually to regain that access.

The danger with that last solution is that the designated administrative machine must be specified by its IP address. To prevent that, try to specify that only one machine on the local network can access the administrative interface. That won't quite solve the problem, as anyone with access to your local network might still be able to exploit the flaw. You want to make sure that remote management is turned off so that no one can access your router's administrative settings from an external network, i.e.













