Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said.

Researchers have discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said.

The flaw, a memory-safety issue present in the firmware’s httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports: One on the Zero Day Initiative (ZDI) by a researcher called “d4rkn3ss” from the Vietnam Posts and Telecommunications Group; and a separate blog post by Adam Nichols of cybersecurity firm Grimm.

“The specific flaw exists within the httpd service, which listens on TCP Port 80 by default,” according to the ZDI report, which covers the bug’s presence in the R6700 series Netgear routers. “The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer.”

#vulnerabilities #web security #device takeover #grimm #internet of things #netgear #remote code execution #routers #small office home office #unpatched flaw #zero day initiative #zero-day vulnerability

What is GEEK

Buddha Community

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said.

Researchers have discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said.

The flaw, a memory-safety issue present in the firmware’s httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports: One on the Zero Day Initiative (ZDI) by a researcher called “d4rkn3ss” from the Vietnam Posts and Telecommunications Group; and a separate blog post by Adam Nichols of cybersecurity firm Grimm.

“The specific flaw exists within the httpd service, which listens on TCP Port 80 by default,” according to the ZDI report, which covers the bug’s presence in the R6700 series Netgear routers. “The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer.”

#vulnerabilities #web security #device takeover #grimm #internet of things #netgear #remote code execution #routers #small office home office #unpatched flaw #zero day initiative #zero-day vulnerability

Mikel  Okuneva

Mikel Okuneva

1597618800

Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw

Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL (End of Life).

The remote code execution vulnerability in question, which was disclosed June 15, allows network-adjacent attackers to bypass authentication on vulnerable Netgear routers – sans authentication. The high-severity flaw affects 79 Netgear Wi-Fi routers and home gateway models – but Netgear says that 45 of those router models are outside of its “security support period.”

“Netgear has provided firmware updates with fixes for all supported products previously disclosed by ZDI and Grimm,” Netgear said in a press statement. “The remaining products included in the published list are outside of our support window. In this specific instance, the parameters were based on the last sale date of the product into the channel, which was set at three years or longer.”

A full list of the router models that won’t be patched – as well as those that have fixes being rolled out – is available on Netgear’s website.

“When we look at support windows, some of our products last five or six years, while others last only a few years,” David Henry, senior vice president of Connected Home products at Netgear, told Threatpost. “When we launch a product, as it gets old it goes into End of Life (EOL) and we stop building it and wind down [sales into the channel].”

For instance, one such Modem Router that won’t receive an update, the AC1450 series, is as old as 2009. Other router models, while newer, have reached EOL: The R6200 and R6200v2 wireless routers reached EOL in 2013 and 2016, respectively; while the Nighthawk R7300DST wireless router reached EOL in the first half of 2017, said Henry.

Regardless, Henry stressed that customers using both newer and older router models stay updated on security updates, as well as adopting best security practices, including turning off features like remote access or changing admin passwords (which he said is enforced by Netgear).

“I think it is really important that customers are paying attention to the updates we send out quarterly on our products,” said Henry.

The Flaw

According to the Zero Day Initiative (ZDI), which first disclosed the issue, the flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this flaw to execute code in the context of root, according to ZDI.

“Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines,” according to ZDI. “Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting.”

#vulnerabilities #web security #flaw #netgear #r6700 #r7800 #remote code execution #router #router flaw #router model #vulnerability

I am Developer

1597475640

Laravel 7 Full Text Search MySQL

Here, I will show you how to create full text search in laravel app. You just follow the below easy steps and create full text search with mysql db in laravel.

Laravel 7 Full Text Search Mysql

Let’s start laravel full-text search implementation in laravel 7, 6 versions:

  1. Step 1: Install Laravel New App
  2. Step 2: Configuration DB .evn file
  3. Step 3: Run Migration
  4. Step 4: Install Full Text Search Package
  5. Step 5: Add Fake Records in DB
  6. Step 6: Add Routes,
  7. Step 7: Create Controller
  8. Step 8: Create Blade View
  9. Step 9: Start Development Server

https://www.tutsmake.com/laravel-full-text-search-tutorial/

#laravel full text search mysql #laravel full text search query #mysql full text search in laravel #full text search in laravel 6 #full text search in laravel 7 #using full text search in laravel

Hire Full Stack Developers

If you are looking for a full-stack mobile developer for your web or mobile app development needs?

Hire Full Stack Developers to develop any type of web, mobile, or desktop applications from start-to-end. HourlyDeveloper.io full-stack programmers know their way around different tiers of software development, servers, databases, APIs, MVC, and hosting environments among others.

Contact us: https://bit.ly/2W6j57w

#hire full stack developers #full stack developers #full-stack programmers #full-stack development #full-stack

Wilford  Pagac

Wilford Pagac

1602781200

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. In addition to denial-of-service (DoS) attacks, this variant also has remote-access trojan (RAT) and spyware capabilities.

According to 360Netlab, the botnet is unusual in a few ways. For one, on the RAT front, researchers said that it implements 12 remote access functions, that combine with custom command-and-control (C2) server commands to carry out tasks like setting up a Socket5 proxy for router devices, tampering with router DNS, setting iptables and executing custom system commands.

In addition, Ttint also uses encrypted channels to communicate with the C2 – specifically, using the WebSocket over TLS (WSS) protocol. Researchers said that this allows the traffic to avoid detection while providing additional security.

And finally, the infrastructure seems to migrate. 360Netlab first observed the attackers using a Google cloud service IP, before switching to a hosting provider in Hong Kong.

Zero-Days

Tenda routers are available at big-box stores and are used in homes and small offices. The first vulnerability used to spread Ttint samples (CVE-2018-14558) has been exploited since at least November of last year; but it wasn’t disclosed until July. There’s now a firmware update available to address it.

The bug is a critical command-injection vulnerability, rated 9.8 out of 10 on the CvSS vulnerability-severity scale. It allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. It arises because the “formsetUsbUnload” function executes a dosystemCmd function with untrusted input.

In late August, a second critical Tenda router vulnerability (CVE-2020-10987) emerged in the campaign. It’s also rated 9.8 out of 10 and was initially disclosed in July by Independent Security Evaluators, after it had tried since January to get a patch from Tenda. It was able to exploit the bug in order to cause a DoS condition.

The bug exists because the goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter, according to the CVE description.

360Netlab also tried to warn Tenda about issues with the bug, this time for use in botnet infections.

“On August 28, 2020, we reported the details of the second 0-day vulnerability and the PoC [proof of concept] to the router manufacturer Tenda via email, but the manufacturer has not yet responded,” researchers said.

Threatpost has reached out to the manufacturer for more information.

#iot #malware #vulnerabilities #web security #360netlab #botnet #cve-2018-14558 #cve-2020-10987 #espionage #mirai variant #rat #remote access trojan #spyware #tenda router #ttint #zero day