View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 12, 2015

Netgear routers under cyberattack

News: Company expected to release a patch on 14th October.

By CBR Staff Writer

Security researchers have found a vulnerability in Netgear routers, with the company yet to release a patch.

The exploitation allows attackers to gain full remote unauthenticated root access to the device if it has WAN administration enabled.

The vulnerability is an authentication bypass that affects the N300_1.1.0.31_1.0.1.img and N300- versions of the firmware.

If users have their ‘remote administration’ turned on, then hackers can hack into a Netgear router, pick up information, and install tracking or key logging software.

Even if the remote administration is turned off, an attacker can take advantage of the flaw if they are physically connected to the router, or on the same Wi-Fi network.

Threatpost cited Compass Security CTO Alexandre Herzog as saying that an unnamed victim came to know about the attack upon investigating the reasons behind some router instability.

Later on it was discovered that that all of their DNS queries had been redirected to the attacker’s server and it was found that more than 10,000 other routers had already been exploited.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.