NetGear WNDR Routers Vulnerable To External Internet Attack
Peter Adkins over at Kernel Picnic has posted on Seclists that several of the NetGear WNDR routers are vulnerable to compromise from the external Internet connection as well as the internal network. This vulnerability already has a proof of concept on GitHub. The vulnerability appears to be in the Simple Object Access Protocol (SOAP) service used by the NetGear Genie application. By sending an HTTP request with a blank form and a "SOAPAction" header, an attacker can get the NetGear device to answer unauthenticated requests for information such as passwords, WLAN info, and details on other devices connected to the NetGear router.
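Detection logic for the request shape described above, added here as an example and not taken from Peter Adkins' proof of concept or from NetGear: it flags captured HTTP requests that carry a SOAPAction header with an empty body, and raises the severity when the source is outside the LAN. The LAN range, the sample requests and the SOAPAction value are constructed placeholders.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the router's LAN range

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return method, path, headers, body

def classify(src_ip: str, raw: bytes) -> str:
    """Return 'alert', 'review' or 'ok' for one captured request."""
    try:
        _method, _path, headers, body = parse_request(raw)
    except ValueError:
        return "review"  # unparseable request line: leave it for a human
    if "soapaction" not in headers or body.strip():
        return "ok"  # not the blank-form-plus-SOAPAction pattern
    external = ipaddress.ip_address(src_ip) not in LAN
    return "alert" if external else "review"

# Constructed sample traffic (placeholder action value, not from the advisory).
BLANK = (b"POST / HTTP/1.1\r\nHost: router\r\n"
         b"SOAPAction: urn:example:placeholder#Action\r\nContent-Length: 0\r\n\r\n")
FULL = (b"POST / HTTP/1.1\r\nHost: router\r\n"
        b"soapaction: urn:example:placeholder#Action\r\nContent-Length: 11\r\n\r\n<Envelope/>")
PLAIN = b"GET /index.htm HTTP/1.1\r\nHost: router\r\n\r\n"
SAMPLES = [("203.0.113.7", BLANK), ("192.168.1.23", BLANK),
           ("192.168.1.23", FULL), ("192.168.1.23", PLAIN)]

def run_samples():
    return [classify(ip, raw) for ip, raw in SAMPLES]

if __name__ == "__main__":
    for (ip, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{ip:15} {verdict}")
```

An "alert" here means the management interface is reachable from the WAN side at all, which is worth closing off regardless of firmware version.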
As of the 17th of February, 2015 the following models and firmware have been confirmed susceptible:
NetGear WNDR3700v4 – V126.96.36.199SH
NetGear WNDR3700v4 – V188.8.131.52
NetGear WNR2200 – V184.108.40.206
NetGear WNR2500 – V220.127.116.11
These models may also be affected:
Keep up the good work, Peter!
Seclists.org link: http://seclists.org/fulldisclosure/2015/Feb/56
GitHub Proof Link: https://github.com/darkarnium/secpub/tree/master/NetGear/SOAPWNDR