Thousands of Netgear routers with Network Attached Storage (NAS) can be freely accessed by anyone, without the owner's permission. Netgear's WNDR4700 routers run an outdated version of the ProFTPd FTP server which not only allows anonymous logins, but also contains a vulnerability that allows an attacker to execute code remotely on the router.
According to the device search engine Shodan, more than 2,000 such routers are exposed. By simply logging in anonymously with an FTP client, an attacker (or pretty much anyone who knows how to use an FTP client) gets full read and write access. A quick search reveals that storage devices attached to the affected Netgear routers contain confidential data, including medical records, tax information, private pictures, academic research and other confidential business data.
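For readers who run ProFTPd themselves, the following is an added illustration (not the configuration shipped on the WNDR4700, which the article does not reproduce) of what an anonymous share that grants read and write access looks like in proftpd.conf, next to two hardened alternatives. The account name `owner` is a placeholder; on a stock router the owner usually cannot edit this file, so the practical mitigation there is to disable the router's FTP sharing feature in its admin interface and to install a firmware update that replaces the outdated ProFTPd build.

```apacheconf
# WEAK: an anonymous section with no <Limit> block. Any client that logs in
# as "anonymous" (or "ftp") can list, download, upload, rename and delete.
<Anonymous ~ftp>
  User                 ftp
  Group                ftp
  UserAlias            anonymous ftp
  RequireValidShell    off
</Anonymous>

# HARDENED (preferred): no <Anonymous> section at all, every user is confined
# to its home directory, and only a named account may log in.
# "owner" is a placeholder account name for this illustration.
DefaultRoot            ~
<Limit LOGIN>
  AllowUser            owner
  DenyAll
</Limit>

# HARDENED (if a public share is genuinely wanted): keep anonymous access but
# refuse every write operation, so anonymous clients can only read.
<Anonymous ~ftp>
  User                 ftp
  Group                ftp
  UserAlias            anonymous ftp
  RequireValidShell    off
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
```

The `<Limit LOGIN>` block relies on ProFTPd's default `Order allow,deny`, so the `AllowUser` line is evaluated before `DenyAll`. Note that restricting logins only removes the anonymous read/write exposure; the remote code execution flaw in the outdated ProFTPd version is only fixed by updating the server software, which on a router means a firmware update from the vendor.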
Several days ago, security researcher Peter Adkins discovered another vulnerability in several Netgear routers. This vulnerability allows an attacker to obtain all kinds of information from the device; however, it only works when remote management is enabled. With remote management on, an attacker can view and edit several settings, including the login credentials of the Wi-Fi network and of connected devices.
Adkins reported the issue to Netgear on January 18th. According to the company, the routers have a security feature that prevents users from being at risk. After that statement Netgear closed the case, and Adkins decided to publish his findings. Users of Netgear WNDR3700v4, WNR2200 and WNR2500 routers are advised to turn off remote management. Other Netgear routers, such as the WNDR3800, WNDRMAC, WPN824N and WNDR4700, are likely also affected.
Some friendly users have uploaded text files to the exposed shares, warning the owners of the vulnerable devices about the security issue.