Password-stealing security hole discovered in many Netgear routers
Graham Cluley writes:
A security researcher has described how he uncovered a severe security hole in dozens of different Netgear routers, meaning that “hundreds of thousands, if not over a million” devices could be at risk of having their admin passwords stolen by hackers.
Simon Kenin, a researcher at Trustwave, has explained how sheer laziness on a cold and rainy winter night stopped him from getting out of bed and going downstairs to reboot his router.
Instead, he stayed under the covers and investigated whether he could find a way to hack into the device’s web admin panel, having forgotten the access password.
Shockingly, Kenin discovered that all he had to do was send a simple web request to the router’s management software to retrieve its admin password, using two security flaws previously disclosed on other Netgear routers back in 2014.
Read more on We Live Security.