http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html
http://www.csnc.ch/misc/files/advisories/CSNC-2015-007_Netgear_WNR1000v4_AuthBypass.txt
Gotta love the ‘concerned’ reporting of an exploit.
Okay, guess that's what I'll do, too. Damn!
The vulnerability itself is an authentication bypass that affects the N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img versions of the firmware. If users have remote administration turned on (it's off by default), anyone with Internet access could theoretically hack into a Netgear router and pick up information from it, as well as install tracking or keylogging software. If remote administration is turned off, an attacker can still take advantage of the flaw, assuming that he or she is physically connected to the router, or on the same Wi-Fi network.
When I’m on the road I use a Netgear WiFi hotspot. Is that the same thing? It’s a Boost mobile through Sprint.
huh... I’m thinking a government that interprets laws to accommodate their actions might use this exploit to say...
...put child porn on a government critic’s computer, then hold this embarrassing breach of the law over the critic’s head to make them dance to another tune. Like BO’s tune.
So as I read it, if I don’t have the remote operation turned on, I’m in the clear.
Bump to the top