Thousands of Netgear routers accessible via FTP by anyone – second issue in a week

Posted 24 February 2015 18:04 CEST by Jan Willem Aldershoff

Thousands of Netgear routers with Network Attached Storage (NAS) can be freely accessed by anyone without permission of the owner. Netgear’s WNDR4700 routers run an outdated version of the ProFTPd FTP server which not only allows logging in anonymously, but also contains a vulnerability that allows an attacker to remotely execute code on the router.


According to the online device search engine Shodan there are more than 2,000 open routers. By simply logging in anonymously with an FTP client, an attacker (and pretty much anyone who knows how to work with an FTP client) gets full read and write permission. A quick search reveals that storage devices attached to the affected Netgear routers contain confidential data including medical data, tax information, private pictures, academic research and other confidential business-related data.
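A defensive check a device owner can run from the LAN against their own router, added here as an example (not code from the article): it connects to one host, records the FTP banner, attempts the anonymous login described above and lists the root directory read-only, writing nothing. The LAN address at the bottom is a placeholder; the banner format assumed is ProFTPD's standard "220 ProFTPD <version> Server" greeting.

```python
import ftplib
import re

# ProFTPD greets with e.g. "220 ProFTPD <version> Server (name) [addr]" (assumed format).
BANNER_RE = re.compile(r"ProFTPD\s+(?P<version>[\w.]+)")


def parse_banner(banner: str) -> dict:
    """Extract the daemon name and version from the 220 greeting, if ProFTPD announces itself."""
    m = BANNER_RE.search(banner)
    return {"software": "ProFTPD" if m else None,
            "version": m.group("version") if m else None}


def assess(anonymous_ok: bool, entries: list) -> str:
    """Turn the raw findings into a one-line verdict for the device owner."""
    if not anonymous_ok:
        return "OK: anonymous FTP login refused"
    if entries:
        return f"EXPOSED: anonymous login accepted, {len(entries)} top-level entries readable"
    return "EXPOSED: anonymous login accepted (empty or unlisted root)"


def check_anonymous_ftp(host: str, port: int = 21, timeout: float = 5.0) -> dict:
    """Connect to one host, record its banner and whether an anonymous login is accepted."""
    result = {"host": host, "banner": "", "anonymous_login": False, "entries": []}
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        result["banner"] = ftp.getwelcome() or ""
        ftp.login()                      # ftplib default is user 'anonymous'
        result["anonymous_login"] = True
        result["entries"] = ftp.nlst()   # read-only listing; nothing is uploaded or changed
    except ftplib.error_perm:
        pass                             # 530 login refused: the outcome you want to see
    except ftplib.all_errors as exc:     # connection refused, timeout, protocol error
        result["error"] = str(exc)
    finally:
        ftp.close()                      # safe even if connect() never succeeded
    result.update(parse_banner(result["banner"]))
    result["verdict"] = assess(result["anonymous_login"], result["entries"])
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(check_anonymous_ftp("192.168.1.1"), indent=2))  # placeholder LAN address
```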

Several days ago security researcher Peter Adkins discovered another vulnerability in several Netgear routers. This vulnerability allows an attacker to get all kinds of information from the device, however it only works with remote management enabled. When enabled an attacker can view and edit several settings, including the login data of the Wifi network and connected devices.

Adkins reported the issue to Netgear on January 18th. According to the company the routers have a security feature that prevents users from being at risk. After the statement Netgear closed the case and Adkins decided to publish his findings. Users of Netgear WNDR3700v4, WNR2200 and WNR2500 routers are advised to turn off remote management. It’s likely that other Netgear routers, such as the WNDR3800, WNDRMAC, WPN824N and WNDR4700, are also affected.

Some friendly users have uploaded text files warning the vulnerable device owners about the security issue.



CDan
MyCE Resident
Posted on: 24 Feb 15 18:19
ReadySHARE Cloud, file sharing (SMB) and DLNA server are all easily turned off in these routers. I'm not sure that any of this is on by default.
1 Agree
