• Netgear router exploit detected
    7 replies, posted
[url]http://www.bbc.co.uk/news/technology-34491583#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa[/url]
[quote=bbc] "Is it serious? Yes it definitely is," said Jonathan Wu, senior director of product management at Netgear, one of the top three router brands in the US. "Because whenever anybody gets access to your router, they can alter settings to direct traffic to places you don't want it to go to." [b]However, Mr Wu added that attackers would have to get access to the network first and then guess the admin password.[/b] [/quote] That's hardly a "bug" or "hack". Being able to change DNS settings is a basic function of any home router. If someone can guess your router password, it's your own damn fault for having it exposed in the first place. I think this has been blown out of proportion.
Based on that they have an update upcoming to "fix" it, I assume the actual exploit is that there is no timeout on failed login attempts or something, but the BBC editor fucked up.
[QUOTE=UberMensch;48867582]That's hardly a "bug" or "hack". Being able to change DNS settings is a basic function of any home router. If someone can guess your router password, it's your own damn fault for having it exposed in the first place. I think this has been blown out of proportion.[/QUOTE] The article just sucks, the actual exploit is way worse There's basically a loginsuccessful.html page that's meant to show when you log in. If you manually go there and refresh a few times, it completely disables the authentication and gives you admin access :v: If the router has remote access enabled (which some do by default), anyone can do this and fuck with your settings without warning
Turn around and what do I see [t]http://sharex.moe/i/2015/10/1444456713.png[/t] :v: Should have stuck with netcomm
[url]http://seclists.org/fulldisclosure/2015/Oct/29[/url] The report, with some vulnerable firmware versions and method [editline]10th October 2015[/editline] Fuckin merge
[QUOTE=Scratch.;48870588]Turn around and what do I see [t]http://sharex.moe/i/2015/10/1444456713.png[/t] :v: Should have stuck with netcomm[/QUOTE] Speaking of netcomm, a while back we were stuck with no internet, so in order for me to use it I had to sit by the road with my laptop where I could access a WiFi connection. Later on it got a password added to it, having known the default password for a netcomm router we had, I tried it and it worked.
[QUOTE=111112oo;48870683]Speaking of netcomm, a while back we were stuck with no internet, so in order for me to use it I had to sit by the road with my laptop where I could access a WiFi connection. Later on it got a password added to it, having known the default password for a netcomm router we had, I tried it and it worked.[/QUOTE] Then login to the admin panel admin:admin change ssid and password shouldn't admit I've done that before
Sorry, you need to Log In to post a reply to this thread.