NetGear WNDR Routers Vulnerable To External Internet Attack
Peter Adkins over at Kernel Picnic has posted on Seclists that several of the NetGear WNDR routers are vulnerable to compromise from the external Internet connection as well as from the internal network. A proof of concept for this vulnerability is already on GitHub. The flaw appears to be in the Simple Object Access Protocol (SOAP) service used by the NetGear Genie application. By sending an HTTP request with a blank form and a "SOAPAction" header, an attacker can get the NetGear device to answer unauthenticated requests for information such as passwords, WLAN info, and details on other devices connected to the NetGear router.
As of the 17th of February, 2015, the following models and firmware have been confirmed susceptible:
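For defenders who capture traffic to the router's management interface, the request pattern described above can be flagged as follows. This is an added example, not code from the advisory or the proof of concept; the LAN subnet, host name, SOAPAction value and sample requests are constructed assumptions, and "blank form" is read here as an empty request body.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet of the router


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return parts[0], headers, body


def classify(src_ip: str, raw: bytes):
    """Return None, "lan" or "wan" for a request with SOAPAction and a blank body."""
    try:
        _method, headers, body = parse_request(raw)
    except ValueError:
        return None
    # Assumption: "blank form" is read as an empty or whitespace-only body.
    if "soapaction" not in headers or body.strip():
        return None
    return "lan" if ipaddress.ip_address(src_ip) in LAN else "wan"


# Constructed sample traffic; the SOAPAction value is a placeholder, not a real action name.
ACTION = b"SOAPAction: urn:EXAMPLE:service:Placeholder:1#GetInfo\r\n"
SAMPLES = [
    ("203.0.113.7", b"POST / HTTP/1.1\r\nHost: router.example\r\n" + ACTION + b"Content-Length: 0\r\n\r\n"),
    ("192.168.1.10", b"POST / HTTP/1.1\r\nHost: router.example\r\n" + ACTION.lower() + b"\r\n"),
    ("192.168.1.10", b"POST /soap HTTP/1.1\r\nHost: router.example\r\n" + ACTION + b"\r\n<Envelope><Body/></Envelope>"),
    ("192.168.1.20", b"GET /index.htm HTTP/1.1\r\nHost: router.example\r\n\r\n"),
]


def scan(samples):
    """Return (source, origin) for every flagged request, in input order."""
    hits = [(src, classify(src, raw)) for src, raw in samples]
    return [(src, origin) for src, origin in hits if origin]


if __name__ == "__main__":
    for src, origin in scan(SAMPLES):
        print(f"ALERT empty-body SOAPAction request from {src} ({origin} side)")
```

A "wan" hit means the management service is reachable from outside the LAN, which is the exposure the advisory highlights.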
NetGear WNDR3700v4 – V188.8.131.52SH
NetGear WNDR3700v4 – V184.108.40.206
NetGear WNR2200 – V220.127.116.11
NetGear WNR2500 – V18.104.22.168
These models may also be affected:
Keep up the good work, Peter!
Seclists.org link: http://seclists.org/fulldisclosure/2015/Feb/56
GitHub Proof Link: https://github.com/darkarnium/secpub/tree/master/NetGear/SOAPWNDR