Netgear security teams announced the correction of three security flaws in their routers. According to the report, successful exploitation of reported flaws would allow threat actors to bypass security mechanisms in corporate networks to steal sensitive information. The flaws reside in the Netgear DGN-2200v1 series family of routers and were discovered by Microsoft security researchers while trying to take digital records from an affected device.
The flaws were identified by the manufacturer as PSV-2020-0363, PSV-2020-0364 and PSV-2020-0365 and so far do not feature CVE tracking key. These vulnerabilities did receive scores according to the Common Vulnerability Scoring System (CVSS) ranging from 7.4/10 to 9.4/10.
The researchers mention that attackers can abuse these flaws to compromise a router’s management pages without needing to log in to the system, in addition to the ability to perform side-channel attacks to access credentials saved on vulnerable devices.
After noticing something strange, the researchers downloaded the firmware of one of these devices and discovered that anomalous communication used the standard port, so they decided to delve into their finding using the QEMU tool, an open source emulator.
Examining how HTTPd dictates which pages should be served without authentication, the researchers found pseudocode such as the first-page handling code within HTTPd, which automatically approves certain pages as “form.css” or “func.js.”
Although this is not a problematic condition in itself, Netgear employs ‘strstr’ to check if a page has JPG, GIF, or ess_ substrings, trying to match the entire URL. In other words, researchers were able to access any page on the device, including those that require authentication, by simply adding a GET variable with the corresponding substring.
The researchers managed to abuse the first vulnerability, an authentication bypass bug, to see if they could recover the username and password used by the router, focusing specifically on the device’s backup and restore feature. By reverse engineering the functionality, they found that this was a relatively simple process.
For further reports on vulnerabilities, exploits, malware variants, cybersecurity risks and information security courses fell free to visit the International Institute of Cyber Security (IICS) websites, as well as the official platforms of technology companies.