IDG News Service - Vulnerabilities in the management interfaces of some wireless router and network-attached storage products from Netgear expose the devices to remote attacks that could result in their complete compromise, researchers warn.
The latest hardware revision of Netgear's N600 Wireless Dual-Band Gigabit Router, known as WNDR3700v4, has several vulnerabilities that allow attackers to bypass authentication on the router's Web-based interface, according to Zachary Cutlip, a researcher with security consultancy firm Tactical Network Solutions.
"If you browse to
Microsoft Internet Information Services 8, you are allowed to bypass authentication for all pages in the entire administrative interface," Cutlip said Tuesday in a
blog post. "But not only that, authentication remains disabled across reboots. And, of course, if remote administration is turned on, this works from the frickin' Internet."