Threat Post -
The issue lies in a parental-control function that’s always enabled by default, even if users haven’t configured it for child security.
A high-severity security bug affecting several Netgear small office/home office (SOHO) routers could allow remote code execution (RCE) via a man-in-the-middle (MiTM) attack.
The bug (CVE-2021-40847) exists in a third-party component that Netgear includes in its firmware, called Circle – it handles the parental controls for the devices, according to researchers at Grimm who discovered the flaw. The flaw rates 8.1 out of 10 on the CVSS 3.0 vulnerability-severity scale.
“Since this code is run as root on the affected routers, exploiting it to obtain RCE is just as damaging as a RCE vulnerability found in the core Netgear firmware,” they said in an advisory released Tuesday.
Specifically, the issue lives in the Circle update daemon. Researchers explained that the updating process is insecure, making it possible for attackers to spoof the update server and inject their own bits and bytes into the process.
It should be noted that a prerequisite for exploitation is having the ability to sniff and send network traffic to and from a target router, the advisory said – meaning