On June 30, Microsoft revealed a series of vulnerabilities in Netgear routers that could potentially lead to data leaks and full system compromise. The vulnerabilities were patched prior to public disclosure due to their nature. The bugs impact DGN-2200v1 series routers and could be exploited by an attacker to roam untethered throughout an entire organization, according to Microsoft. Microsoft’s security team discovered the vulnerabilities after detecting strange behavior on the router’s management port. Upon investigating the router firmware, security researchers uncovered three HTTPd authentication flaws in the device.
The first flaw allowed the security team to access any page on a device, including those that require authentication. The flaw was triggered by appending GET variables in requests within substrings, allowing authentication bypass. The second flaw permitted side-channel attacks and was found in how the router verified users through HTTP headers. According to Microsoft, attackers could exploit this bug to extract stored credentials. The third vulnerability used the prior authentication bypass bug to extract configuration restore files. Microsoft contacted Netgear to disclose the vulnerabilities. The vulnerabilities have since been patched by Netgear and have been issued CVSS severity scores ranging from 7.1 to 9.4.
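The first flaw, sketched as an added example (not Netgear's firmware code and not taken from Microsoft's write-up): a substring test over the whole request target beside a check that looks only at the path. It assumes the exemption for unauthenticated resources was decided by substring matching, which the summary suggests but does not spell out; the suffix list, function names and sample paths are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed allow-list: resource types served without a login (assumption). */
static const char *const PUBLIC_SUFFIXES[] = { ".gif", ".jpg", ".css" };
#define N_SUFFIXES (sizeof PUBLIC_SUFFIXES / sizeof PUBLIC_SUFFIXES[0])

/* Weak form: substring search over the raw request target, query included. */
bool is_public_weak(const char *target)
{
    for (size_t i = 0; i < N_SUFFIXES; i++)
        if (strstr(target, PUBLIC_SUFFIXES[i]) != NULL)
            return true;
    return false;
}

/* Hardened form: ignore query and fragment, refuse encoded or ".." paths,
 * and match the allow-listed suffix only at the end of the path. */
bool is_public_strict(const char *target)
{
    size_t path_len = strcspn(target, "?#");   /* path ends at first ? or # */

    if (target[0] != '/' || memchr(target, '%', path_len) != NULL)
        return false;
    for (size_t i = 0; i + 1 < path_len; i++)
        if (target[i] == '.' && target[i + 1] == '.')
            return false;
    for (size_t i = 0; i < N_SUFFIXES; i++) {
        size_t n = strlen(PUBLIC_SUFFIXES[i]);
        if (path_len > n &&
            memcmp(target + path_len - n, PUBLIC_SUFFIXES[i], n) == 0)
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed request targets, not real device pages. */
    const char *samples[] = { "/logo.gif", "/settings.htm", "/settings.htm?x=.gif" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s weak=%d strict=%d\n", samples[i],
               is_public_weak(samples[i]), is_public_strict(samples[i]));
    return 0;
}
```

A request the two functions disagree on is worth logging: it is a protected page that only the weak check would have served without a login.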
Read More: Microsoft reveals authentication failures, system hijack vulnerabilities in Netgear routers