NetGear has made a hotfix available for its Nighthawk routers after researchers found a network misconfiguration in the firmware allowed unrestricted communication with the internet facing ports of the device listening through IPv6.
No auto-update
The hotfix is available for the model RAX30, also known as the Nighthawk AX5 5-Stream AX2400 WiFi 6 Router.
The NetGear Nighthawk RAX 30 (image courtesy of NetGear)
To update your router’s firmware, follow the instructions in your router’s user manual, which can be found online.
Important to note is that having the “check for updates” or even the auto-update options enabled is not sufficient to get this hotfix. It needs to be downloaded manually and applied following the instructions.
What other security vulnerabilities were fixed in this hotfix or in the newer 1.0.9.92 hotfix, which also addresses security vulnerabilities, is unknown at this point.
Popular
The researchers found the bug while looking to enter Pwn2Own Toronto. The NetGear Nighthawk RAX30 is a popular model for home users and small businesses, which is one of the reasons why it was selected as a target for the Pwn2Own contest. Contestants set out to find previously unknown vulnerabilities in widely used software and mobile devices.
NetGear frustrated a lot of participants by issuing the 1.0.9.90 hotfix one day before the registration deadline for Pwn2Own. The patch invalidated the submission of this vulnerability and, it seems, some others as well.
The vulnerability
The vulnerability found by the researchers and patched just before the deadline, allowed unrestricted communication with any services listening via IPv6 on the WAN (internet facing) port of the device, including SSH and Telnet operating on ports 22 and 23 respectively.
Telnet is an application protocol used on the internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.
Secure Shell (SSH) is a network communication protocol that enables two computers to communicate and share data.
Although the researchers shared no further details about their attack chain that was crippled by the patch, having telnet and SSH available makes it very likely they could have reconfigured the router, stolen data, or at least put it out of service.
Stay safe, everyone!
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.