It's Time to Patch the Firmware of Your Netgear Networked Device.
And that of Most Other Router Brands
This has indeed been a rough year for network gear manufacturer Netgear.
The vulnerabilities discovered and the firmware fixes applied are
"the fifth major set of remote code execution bugs that the US
networking company patches this year." The list of
Netgear models that received a fix includes SOHO routers, DSL modems,
cable modems, and extenders.
The bug is present in the Universal Plug and Play (UPnP) module.
UPnP is a critical function embedded in many devices that allows
different devices on the network to recognize one another.
"Because of its ubiquitous nature, UPnP is used by a wide
variety of devices, including personal computers, networking equipment,
video game consoles and internet of things (IoT) devices."
UPnP is not, therefore, a feature that can be ignored, nor is it
advisable to simply turn the function off.
So what can happen if the router goes unpatched and the network is
attacked through this vulnerability?
1. "If exploited, these vulnerabilities could be used to
achieve unauthorized access to devices or even to modify the internal
filesystem which can be abused to affect traffic passing through the
device."
2. Two different vulnerabilities
"make it possible to gain authenticated access to affected
Netgear devices. Once done, an attacker could then modify settings in
the administration panel to run arbitrary commands on a victim's router."
3. Additionally,
"commands could be used to open other ports or to allow command
line access over the network to a victim's operating system. With
operating system access, a malicious user could significantly impact the
availability of one of Netgear's routers and the data that is passed
through it."
Netgear is just one manufacturer of networking equipment with security
flaws.
"Security
researchers analyzed nine popular WiFi routers and found a total of 226
potential vulnerabilities in them, even when running the latest
firmware."
The critical need for patching known vulnerabilities has even got the
attention of good ol' Uncle Sam. On November 3, 2021, the
Department of Homeland Security released a document with a rather
ominous-sounding title right out of
Monty Python's Flying Circus:
Cybersecurity and Infrastructure Security Agency’s Binding
Operational Directive 22-01 - Reducing the Significant Risk of Known
Exploited Vulnerabilities.
It should be noted, though, that the Binding Operational Directive
"can't be enforced on technology teams outside of the US federal
government, but that doesn't mean there's nothing to learn here."
One feature of the Binding Operational
Directive is:
"The directive establishes a CISA managed catalog of known
exploited vulnerabilities and requires federal civilian agencies to
identify and remediate these vulnerabilities on their information
systems." The Complete
KNOWN EXPLOITED VULNERABILITIES CATALOG is a truly
stunning document. What I find most troubling is the known
vulnerabilities in
Apache Web Server software.
Most commercial websites run on the Apache platform. And this is
not the first time Apache has been found to be vulnerable. Nor is
Apache especially unique. What
Apache is, is ubiquitous behind the scenes on the Internet.
If you peruse the CISA document, you will notice the prescribed remedy
in almost all cases is to install the vendor's fix: PATCH THE
SYSTEM!
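One way to act on the catalog, shown as an added example that is not from the original post or from CISA: match your own equipment list against entries laid out like CISA's KEV JSON feed and list what is overdue first. The sample entries, placeholder CVE ids, inventory list and function name are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed.
# CVE ids are placeholders and products/dates are invented for the example.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0002", "vendorProject": "Apache", "product": "HTTP Server",
   "dueDate": "2022-05-03", "requiredAction": "Apply updates per vendor instructions."},
  {"cveID": "CVE-0000-0003", "vendorProject": "Apache", "product": "Example Framework",
   "dueDate": "2022-05-03", "requiredAction": "Apply updates per vendor instructions."},
  {"cveID": "CVE-0000-0001", "vendorProject": "NETGEAR", "product": "Example Router Firmware",
   "dueDate": "2021-11-17", "requiredAction": "Apply updates per vendor instructions."},
  {"cveID": "CVE-0000-0004", "vendorProject": "ExampleVendor", "product": "Example VPN",
   "dueDate": "2021-11-17", "requiredAction": "Apply updates per vendor instructions."}
]}
""")

# Hypothetical inventory: (vendor, product keyword). An empty keyword means
# "anything from this vendor", which suits a shelf of mixed router models.
INVENTORY = [("netgear", ""), ("apache", "http server")]


def kev_matches(catalog, inventory, today):
    """Return catalog entries that affect the inventory, overdue ones first."""
    hits = []
    for vuln in catalog["vulnerabilities"]:
        vendor = vuln["vendorProject"].lower()
        product = vuln["product"].lower()
        for inv_vendor, keyword in inventory:
            if inv_vendor == vendor and keyword in product:
                due = date.fromisoformat(vuln["dueDate"])
                hits.append({"cve": vuln["cveID"], "product": vuln["product"],
                             "due": due, "overdue": due < today,
                             "action": vuln["requiredAction"]})
                break  # one hit per catalog entry is enough
    # Overdue entries sort first, then earliest due date.
    hits.sort(key=lambda h: (not h["overdue"], h["due"]))
    return hits


if __name__ == "__main__":
    for hit in kev_matches(SAMPLE_KEV, INVENTORY, date.today()):
        flag = "OVERDUE" if hit["overdue"] else "pending"
        print(f'{flag:8} {hit["cve"]} {hit["product"]} due {hit["due"]}: {hit["action"]}')
```

To run it against the real catalog, load the JSON file downloaded from CISA in place of `SAMPLE_KEV`.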
I have chosen to focus on Netgear products
because many, if not most, readers have Netgear networking products
installed. And Netgear is very good about developing and applying
patches. What I cannot do is give any specific instructions on how
to update your networking device's firmware. Each model has
a different procedure to obtain and apply the patch.
So....
"Who you gonna Call?"
Gerald Reiff