NetGear WNDR Routers Vulnerable To External Internet Attack

Peter Adkins over at Kernal Picnic has posted on Seclists that several of the NetGear WNDR routers are vulnerable to compromise from the external Internet connection as well as the internal network. This vulnerability already has a proof of concept on GitHub. The vulnerability appears to be in the Simple Object Access Protocol (SOAP) used by the NetGear Genie application. By sending a HTTP request with a blank form and a “SOAPAction” header an attacker can get the NetGear device to send back unauthenticated requests for information such as passwords, WLAN info, and details on other devices connected to the NetGear router.

As of the 17th of February, 2015 the following models and firmware have been confirmed susceptible:

NetGear WNDR3700v4 – V1.0.0.4SH
NetGear WNDR3700v4 – V1.0.1.52
NetGear WNR2200 – V1.0.1.88
NetGear WNR2500 – V1.0.0.24

These models may also be affected:

NetGear WNDR3800
NetGear WNDRMAC
NetGear WPN824N
NetGear WNDR4700

Keep up the good work Peter!

Seclists.org link: http://seclists.org/fulldisclosure/2015/Feb/56
GitHub Proof Link: https://github.com/darkarnium/secpub/tree/master/NetGear/SOAPWNDR

Post by Protocol 46