Microsoft has identified three new vulnerabilities in a series of NETGEAR routers that can compromise a network’s security and give attackers free rein throughout an entire organization.
In a new blog, the Microsoft 365 Defender Research Team says that while researching device fingerprinting in the new device discovery capabilities in Microsoft Defender for Endpoint, it found three vulnerabilities with CVSS scores between 7.1 and 9.4 that could allow an attacker to access router management pages via authentication bypass and access sensitive information.
While researching device fingerprinting in new device discovery capabilities in Microsoft Defender for Endpoint, the company noticed that a device owned by non-IT personnel was trying to access a NETGEAR DGN-2200v1 router’s management port. That communication was flagged as an anomaly by machine learning models, but the communication was TLS-encrypted and private, so Microsoft instead focused on the router and investigated possible weaknesses that could be exploited.
In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited. We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues while maintaining backward compatibility. The critical security issues (those with CVSS Score: 7.1 – 9.4) have been fixed by NETGEAR. See NETGEAR’s Security Advisory for Multiple HTTPd Authentication Vulnerabilities on DGN2200v1.
We are sharing details from our research with the broader community to emphasize the importance of securing the full range of platforms and devices, including IoT, and how cross-domain visibility continues to help us uncover new and unknown threats to continually improve security.
According to Microsoft, the vulnerabilities allow for a complete and fully reliable authentication bypass, allow for a side-channel attack used to get authentication credentials, and allow attackers to gain access to secrets stored in the device.
Organizations using these routers are urged to download the latest firmware from NETGEAR to avoid exploitation. For more detail on the vulnerabilities, read Microsoft’s blog and NETGEAR’s advisory.