[dayglored]

Exploit active in the wild for Netgear router ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

[dayglored]

Additional technical info:

http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html

http://www.csnc.ch/misc/files/advisories/CSNC-2015-007_Netgear_WNR1000v4_AuthBypass.txt

[Gene Eric]

Gotta love the ‘concerned’ reporting of an exploit.

[LibWhacker]

He has decided to turn off the router and not use it for the time being.

Okay, guess that's what I'll do, too. Damn!

[TChad]

From http://www.tomsguide.com/us/netgear-router-vulnerability,news-21699.html:

The vulnerability itself is an authentication bypass that affects the N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img versions of the firmware. If users have remote administration turned on (it's off by default), anyone with Internet access could theoretically hack into a Netgear router and pick up information from it, as well as install tracking or keylogging software. If remote administration is turned off, an attacker can still take advantage of the flaw, assuming that he or she is physically connected to the router, or on the same Wi-Fi network.

[SkyDancer]

When I’m on the road I use a Netgear WiFi hotspot. Is that the same thing? It’s a Boost mobile through Sprint.

[exPBRrat]

huh... I’m thinking a goverment that interprets laws to accommodate their actions might use this exploit to say...

...put child porn on a government critics computer, then hold this embarrassing breech of the law over the critics head to make them dance to another tune. Like BO’s tune.

[Poser]

So as I read it, if I don’t have the remote operation turned on, I’m in the clear.

[GOPJ]

Bump to the top