This week, a security hole the size of Nantucket was revealed in the firmware that ships with all brand new Netgear WNDR3700 wireless routers. Much like the D-Link vulnerability that was discovered earlier in October, the exploit allows any unauthenticated user to gain total access to your router, both from the local network and from a remote browser on an outside machine.
Zach Cutlip, a security blogger for Tactical Network Solutions, was the first to come across the backdoor.
“With complete, persistent administrative access to the web interface, a huge attack surface is opened up. A malicious DNS server could be configured, exposing users to web browser exploits. Ports could be forwarded to devices on the LAN, exposing vulnerable services to attack.”
Netgear has attempted to downplay the severity of the flaw, telling reporters it is a “LAN-only” issue, a claim Cutlip was quick to correct.
“Remote administration is an option that is available in the router’s configuration interface, and many users have turned it on,” he told The Register.
By exploiting this setting, attackers would be able to gain access to any of your computers from a remote device as long as the “Remote Administration” box is ticked and the networking equipment is connected to the internet.
Back in April, a similar bug was found in another Netgear device in the same family, the WNDR4700, by researcher Jacob Holcomb of Independent Security Evaluators. In response to the various allegations, Netgear has promised The Register that it has been working on a fix for the two compromised pieces of wireless hardware.
“We are aware of the recent discussions of security vulnerabilities on some Netgear routers. As always we are very vigilant about any new threats and take immediate actions to fix them. We are already working on a patch which should be released by next month-Nov’13.”
Until a true fix is made available, the best methods users can employ to protect themselves include disabling remote access in the dashboards of their routers, securing their wireless networks with WPA-2 standards, and using a VPN like ExpressVPN to connect to the web.