Netgear SOHO Security Bug Allows RCE, Corporate Attacks
upstart writes:
Netgear SOHO Security Bug Allows RCE, Corporate Attacks:
A high-severity security bug affecting several Netgear small office/home office (SOHO) routers could allow remote code execution (RCE) via a man-in-the-middle (MiTM) attack.
The bug (CVE-2021-40847) exists in a third-party component that Netgear includes in its firmware, called Circle - it handles the parental controls for the devices, according to researchers at Grimm who discovered the flaw. It rates 8.1 out of 10 on the CVSS 3.0 vulnerability-severity scale.
Since this code is run as root on the affected routers, exploiting it to obtain RCE is just as damaging as a RCE vulnerability found in the core Netgear firmware," they said in an advisory released Tuesday.
Specifically, the issue lives in the Circle update daemon. Researchers explained that the updating process is insecure, making it possible for attackers to spoof the update server and inject their own bits and bytes into the process.
It should be noted that a prerequisite for exploitation is having the ability to sniff and send network traffic to and from a target router, the advisory said - meaning that adversaries would need to be attached to the same network as the appliance. That can be achieved by compromising a connected device such as a mobile phone or computer prior to initiating the RCE effort.
[...] This daemon connects to Circle and Netgear to obtain version information and updates to the daemon and its filtering database," researchers explained. However, database updates from Netgear are unsigned and downloaded via HTTP. As such, an attacker with the ability to perform a MitM attack on the device can respond to Circle update requests with a specially crafted, compressed database file, the extraction of which gives the attacker the ability to overwrite executable files with attacker-controlled code."
Read more of this story at SoylentNews.