Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers



Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network’s security and gain unfettered access.

The three HTTPd authentication security weaknesses (CVSS scores: 7.1 – 9.4) impact routers running firmware versions prior to v1.0.0.60, and were fixed by the company in December 2020 as part of a coordinated vulnerability disclosure process.

“The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating system layer,” Microsoft 365 Defender Research Team’s Jonathan Bar Or said. “As these types of attacks become more common, users must look to secure even the single-purpose software that run their hardware—like routers.”
