
Netgear router http://192.168.0.1/cgi-bin/;COMMAND backdoor

  • 26-12-2016 6:18pm
    #1
    Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭


    Netgear routers seem to run on un-patched old Linux. This company couldn't give !! for customer security. Linux is free, open source. There is no excuse for selling products without the latest version of code. Such action is surely in breach of the old Sale of Goods Act 1893, as amended? Which means the vendor of such rubbish could be sued for any damage caused by Netgear's negligence.

    The latest weakness allows anybody to send an email or web URL link (with whatever they like as the visible text) which sends http://192.168.0.1/cgi-bin/;COMMAND to the Linux box in the router. One suspects that Netgear is not alone. The biggest vulnerability on one's internet platform is probably the router - cheap, and out of date.

    https://www.kb.cert.org/vuls/id/582384

    I don't trust any of my ISP's router boxes and always insert a Synology RT2600ac between the ISP's router and my system. I chose this product because of its speed - it does not slow down a connection, and figure that there is very little malware out there which can get past the combination of the ISP's crapware and the Synology. Having said that one has a few other tricks in place. ISPs invariably write-over customer settings when 'updating' their router firmware. Sometimes this includes, but is not limited to the user ID and password. A litany of incompetence. High time Comreg was shut down as they haven't a clue about communications matters in 2016, not to mind in 2017.
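
A defender-side check for the link pattern described in the post above, added here as an example and not part of the original thread: it extracts `<a>` links from an HTML message body and flags any whose target is a private IP address with a path beginning `/cgi-bin/;`, whatever the visible text says. The function names and the sample message are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_router_injection_url(url):
    """True when url points at a private IP and its path starts /cgi-bin/;"""
    parts = urlsplit(url)  # urlsplit keeps ';' inside the path
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        return False  # a hostname, not an IP literal: outside this check
    # unquote() so the percent-encoded form (%3B) is flagged as well
    return addr.is_private and unquote(parts.path).lower().startswith("/cgi-bin/;")

def suspicious_links(html):
    """Return the (href, visible text) pairs that match the pattern."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [link for link in collector.links if is_router_injection_url(link[0])]

# Constructed sample message body; COMMAND is the thread's own placeholder.
SAMPLE_HTML = (
    '<p><a href="http://192.168.0.1/cgi-bin/;COMMAND">Track your delivery</a></p>'
    '<p><a href="https://www.kb.cert.org/vuls/id/582384">CERT advisory</a></p>'
    '<p><a href="http://192.168.0.1/cgi-bin/%3BCOMMAND">Unsubscribe</a></p>'
    '<p><a href="http://192.168.0.1/index.htm">Router admin page</a></p>'
)
```

Calling `suspicious_links(SAMPLE_HTML)` returns the first and third links together with the visible text that hid them; the advisory link and the ordinary router page are not flagged.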


Comments

  • Registered Users, Registered Users 2 Posts: 7,806 ✭✭✭GerardKeating


    Impetus wrote: »
    Netgear routers seem to run on un-patched old Linux. This company couldn't give !! for customer security. Linux is free, open source. There is no excuse for selling products without the latest version of code. Such action is surely in breach of the old Sale of Goods Act 1893, as amended? Which means the vendor of such rubbish could be sued for any damage caused by Netgear's negligence.

    The latest weakness allows anybody to send an email or web URL link (with whatever they like as the visible text) which sends http://192.168.0.1/cgi-bin/;COMMAND to the Linux box in the router. One suspects that Netgear is not alone. The biggest vulnerability on one's internet platform is probably the router - cheap, and out of date.

    https://www.kb.cert.org/vuls/id/582384

    I don't trust any of my ISP's router boxes and always insert a Synology RT2600ac between the ISP's router and my system. I chose this product because of its speed - it does not slow down a connection, and figure that there is very little malware out there which can get past the combination of the ISP's crapware and the Synology. Having said that one has a few other tricks in place. ISPs invariably write-over customer settings when 'updating' their router firmware. Sometimes this includes, but is not limited to the user ID and password. A litany of incompetence. High time Comreg was shut down as they haven't a clue about communications matters in 2016, not to mind in 2017.

    Would changing the default IP of the router not stop this?


  • Posts: 0 [Deleted User]


    Would changing the default IP of the router not stop this?

    No, the vulnerability is with the router's web interface being vulnerable to XSS.

    The attacker would need to have access to your LAN to launch the attack, for example plugging directly into your router or if you're running an open wireless network (I hope not).

    Once connected (usually) the default route would be set to the IP address of the router, so changing the default IP, I'll still be able to see the router's IP quite easily and launch the attack. Failing that, a sweep of what IPs are listening on port 80 would take seconds.


  • Registered Users, Registered Users 2 Posts: 1,667 ✭✭✭Impetus


    I like my Synology (made in KR) router. Software updates every few days. They take security seriously - unlike US manufacturers who play 'yes sir' to NSA & co - all other 23 'security agencies'. I do not trust the Cisco router provided by several ISPs I use. I have one ISP who delivers FTTP and does not use Cisco and my level of concern on this connection is at a lower level.

    Perhaps the new regime (eg in the USA and other Anglo states) will try to bomb South Korea off the face of the earth, as they did in Iraq, Libya and Syria etc?

    On the internet, the war is by ordinary individuals, against dictator controlled states, and pro democracy.

