Microsoft finds Netgear router bugs enabling corporate breaches
Sergiu Gatlan reports:
Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks.
The security flaws impact DGN2200v1 series routers running firmware versions before v22.214.171.124 and compatible with all major DSL Internet service providers.
They allow unauthenticated attackers to access unpatched routers’ management pages via authentication bypass, gain access to secrets stored on the device, and derive saved router credentials using a cryptographic side-channel attack.
Read more on BleepingComputer.