If you own a Netgear router you should be upgrading your firmware right now as it happens your router could be turned into a botnet very easily. Researchers have discovered a security hole that potentially could give your Netgear router login details to hackers easily.
The newly discovered vulnerabilities essentially allows attackers to exploit the router's password recovery system to bypass authentication and hijack the login details to get full access to device's settings.
Last year June, Netgear published a notice and provided a fix to few vulnerable routers but did not fix it for all the devices. Instead a workaround was provided. According to the researchers, ten thousand Netgear devices are vulnerable and can be remotely accessible via the reported exploit. Once gained access to the router, it can be used to run a bot to serve to the botnet farm. If that isn't possible a mere DNS change can be done to rogue one as a bot.
If you are accessing Internet using a Netgear Router you should upgrade your device's firmware right now. There is a high chance your might get hacked and you would never know.
Firmware fixes are currently available for the following affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for your model and visit the firmware release page for instructions:
If your router isn't in above list, Netgear has also provided a workaround to avoid getting hacked.
- Manually enable the password recovery feature on your device.
For more information, visit Configuring router administrative password recovery. - Ensure that remote management is disabled.
Remote management is disabled by default. For more information, check the user manual for your product, which is available from http://www.netgear.com/support/.
Read more about the fixes and workaround on the Netgear website.
Source :CVE-2017-5521: Bypassing Authentication on NETGEAR Routers | Trustwave
