More security flaws In Netgear, D: D-Link and Netgear wireless routers have come under attack from a security researcher who claims they are crippled by firmware flaws.
Tripwire researcher Craig Young said that he was working with several manufacturers to patch firmware holes, though he didn’t say which companies.
His comments come after a slew of reports from researchers on firmware holes, with the latest reported by Tactical Network Solutions researcher Zachary Cutlip.
“Unfortunately command injections like the Netgear one Zachary Cutlip and I both came across are all too common in embedded systems,” said Young. “There are a lot of consumer routers with these types of issues – [I’m] working with several vendors on this stuff at the moment.”
Cutlip last week discovered an authentication bypass vulnerability in the firmware for Netgear’s N600 Wireless Dual-Band Gigabit Router.
Analysing firmware for the WNDR3700v4 model, Cutlip found hackers could potentially bypass the authentication process on the router’s web-based controls. Another researcher exposed a similar flaw on the N900 router in April.
Netgear said it would patch the hole next month, and pointed out that any attack would require a hacker to be on the router’s LAN, whether through Wi-Fi, a wired connection or remote access.
Earlier this month, D-Link issued emergency patches after another researcher, Craig Heffner, discovered a backdoor that allowed hackers remote access to admin settings.