Security12.02.2018

Multiple security flaws found in Netgear routers

By Staff Writer

Trustwave has issued an advisory on security vulnerabilities in Netgear routers which have been patched in firmware updates.

The bugs affect 17 router models, including the Netgear R8500 Nighthawk X8, running firmware 1.0.2.86 or earlier.

The security flaws were:

Routers let you read any file from the device, provided the path to the file is known.
Authentication bypass – trivial and affects all 17 routers.
Command injection on some routers after authentication.
Chained attack command injection – anyone can run commands as root by exploiting several vulnerabilities in sequence.
Run commands as root when WPS is activated – 6 products affected.

Trustwave commended Netgear for its responsive and communicative PSIRT team.

Patches for the issues above are available from Netgear.

Now read: Netgear unveils gaming router with DDoS protection

Don't miss the latest news

Add MyBroadband as a preferred source in Google Search
Follow MyBroadband on Google News

Show comments

Forum discussion

Multiple security flaws found in Netgear routers

Now read: Netgear unveils gaming router with DDoS protection

Latest news

When André de Ruyter was CEO, Eskom shut down a tender review panel

Why Starlink has not applied for a licence in South Africa

New speed cameras to watch out for in South Africa

Exclusive Vodacom World deals to celebrate Youth Month and Father’s Day

Say goodbye to Woolworths’ WRewards and MySchool cards

Vodacom spent R7.7 million to keep its CEO safe

The Spirit of 1976 Lives in Today’s Lifesavers

Bad news about Green ID books in South Africa

Important state-owned company can’t afford to protect South Africa from cybercrime

More news

Investors can’t buy one of South Africa’s hottest tech stocks

The South African brothers who backed a cryptocurrency giant and flipped recruitment on its head are getting into luxury safaris

Codehesion – South Africa’s top software development specialists

People who use one of South Africa’s largest e-hailing apps must now upload their IDs and faces

Criminals prowl Facebook Marketplace in South Africa

OUTsurance celebrates best overturn ratio in the industry – what it means for you

MTN to build 420,000km of fibre in 4 years

Bitcoin rallies after US-Iran deal

Trending news

Eskom tightens its grip

What’s Next — Toyota SA’s Leon Theron unpacks Lexus’s pursuit of perfection in South Africa

Apex Interactive strengthens partnership with Turtle Beach to accelerate South African market growth

DStv declared war on streaming pirates

Big change for South African cities with the most expensive electricity

Avoid high licensing fees by building your own software

South African government leaving doors wide open to cybercriminals

Eskom before and after President Cyril Ramaphosa

Industry News

AV on the network, is your security strategy keeping up?

DStv and MTN South Africa partner to make the FIFA World Cup 2026 the most accessible one yet

Binance Commits $250,000 to Support Frontline Ebola Response in Uganda and DRC

South Africa’s digital future starts with school IT infrastructure

Top Paid Marketing Agency in South Africa according to verified reviews

Poll