A staggering 79 Netgear router models are at risk of a critical security vulnerability that can allow cybercriminals to capture devices remotely.
Two independent security researchers, namely Adam Nicholas and another researcher who is nicknamed as d4rkn3ss have discovered the vulnerability.
Nicholas says that the flaw impacts 758 diverse firmware types that have been used on 79 Netgear routers over the years, with some firmware versions being first installed on devices released in 2007.
The researcher says the bug sits in the web server module that’s packed inside the susceptible Netgear router firmware, which is used to run the router’s built-in administration panel.
Nicholas goes on to say that the server doesn’t correctly authenticate user input, doesn’t use “stack cookies” to defend its memory, and the server’s binary is not compiled as a Position-independent Executable (PIE).
This deficiency of correct security defenses opens the door for a hacker to create spiteful HTTP requests that can be used to capture the router.
The researchers said he was able to “start the [router’s] telnet daemon as root listening on TCP port 8888 and not requiring a password to login.”
Both security researchers revealed they reported the fault to Netgear at the beginning of the year.
Thanks to the flaw’s extensive effect and vast amount of work needed to produce and test a fix for all devices, the router maker requested more time to fix these problems; nevertheless, this extension ended on Monday this week, June 15.