Tenable, a cybersecurity firm based in Columbia, Maryland, has released a new report on an emerging threat involving NETGEAR and TP-Link routers.
According to Tenable research, both TP-Link and NETGEAR were forced to release last-minute patches for their Pwn2Own devices.
Pwn2Own is a computer hacking competition that has been held annually at the CanSecWest security conference since 2007.
The NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400 series), according to researchers, was to be included in the Pwn2Own bug-finding contest. The company discovered a flaw that invalidated their submission just one day before the deadline for registering for the contest and had to issue an urgent patch.
What was the problem?
According to a post published by Tenable cybersecurity experts, network misconfiguration was discovered in NETGEAR Nighthawk router versions prior to 1.0.9.90. These devices include IPv6 by default for the WAN interface.
The issue is that firewall rules used to determine IPv4 traffic access restrictions do not work on the IPv6 WAN interface. As a result, anyone gaining random access to a service running on the device may inadvertently listen to IPv6.
Telnet and SSH servers, for example, are launched by default on Ports 22 and 2. An adversary can take advantage of this misconfiguration to interact with services that are only available to local network clients.
Response to Threat Mitigation
Tenable discovered the patch for a flaw pending disclosure on December 1st, 2022, and contacted the vendor the following day for its CVE identifier.
NETGEAR Nighthawk router users should apply the recently released patch, which can be found here.
It should be noted that the affected router’s auto-update and Check for Updates features do not detect this patch at the moment, so you must apply it manually.
To read our blog on “Deaf people got power of speech with AI-powered smart glasses,” click here
