NETGEAR Router Vulnerability Allowed Access to Restricted Services

A new report from Tenable, a Columbia, Maryland-based cybersecurity firm, outlined an emerging threat related to NETGEAR and TP-Link routers.

According to Tenable research, both TP-Link and NETGEAR had to release last-minute patches for their devices that were a part of the Pwn2Own event. For your information, Pwn2Own is a computer hacking competition held yearly at the CanSecWest security conference since 2007.

Last Minute Patch Issued by TP-Link

According to researchers, the NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400 series) was to be included in the bug-finding contest at Pwn2Own. Just one day before the deadline for registering for the contest, the company identified a flaw that invalidated their submission and had to issue a patch urgently.

What was the Issue?

According to a blog post published by cybersecurity experts at Tenable, network misconfiguration was identified in NETGEAR Nighthawk router versions released before 1.0.9.90. These devices, by default, feature IPv6 for the WAN interface.

The problem is that firewall restrictions in place to determine IPv4 traffic’s access restrictions don’t work on the IPv6 WAN interface. That’s why anyone gaining random access to a service running on the device can listen to IPv6 inadvertently.

For instance, by default, Telnet servers and SSH spawned on Ports 22 and 2. An adversary can exploit this misconfiguration to interact with services accessible only by local network clients.

Threat Mitigation Response

Tenable discovered the patch for a flaw pending disclosure on 1st December 2022, and the next day it reached out to the

Read more

Explore the site

More from the blog

Latest News