A flaw in Netgear wireless routers allows attackers to bypass administrator authentication and potentially gain full access to the devices, a researcher has discovered.
Network engineer Peter Adkins found several routers in the popular Netgear WNDR range run Simple Object Access Protocol (SOAP) service as part of the Netgear Genie device administration application.
Despite appearing to be secure, Adkins was able to bypass filtering and authentication for the SOAP service with relative ease over wi-fi.
Through the SOAP service, he was able to extract the admin password for Netgear WNDR routers, wi-fi interface credentials and station identifiers, and other information such as the device serial number and connected clients, he said.
Adkins said he notified Netgear about the router takeover flaw, but was told by the vendor's support department that "the network should still stay secure", thanks to a number of unspecified built-in security features.
Adkins said he received no further response from Netgear on the vulnerability. He has published a proof of concept and detailed analysis document on Github.
Netgear wireless routers tested and found vulnerable:
- WNDR3700v4 - V1.0.0.4SH
- WNDR3700v4 - V1.0.1.52
- WNR2200 - V1.0.1.88
- WNR2500 - V1.0.0.24
- WNDR3700v2 - V1.0.1.14
- WNDR3700v1 - V1.0.16.98
- WNDR3700v1 - V1.0.7.98
- WNDR4300 - V1.0.1.60
Netgear routers believed also to be vulnerable
- WNDR3800
- WNDRMAC
- WPN824N
- WNDR4700