Disclosed Netgear Router Vulnerability Under Attack

[RV_]

Excerpt:

 

"A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited.Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately disclosed that it addressed the problem adequately.

 

Alexandre Herzog, CTO of Compass Security Schweiz Ltd., of Switzerland, told Threatpost that the unnamed victim became aware of the attack upon investigating the reasons behind some router instability. They discovered that all of their DNS queries had been redirected to the attacker’s server. The victim provided Compass with the IP address of one of the command and control servers involved in the attack. Herzog said his company was able to download data from the attacker’s server and determined that more than 10,000 other routers had already been exploited.

 

Herzog said Compass informed Switzerland’s national GovCERT, which said it has begun action to shut down the attacker’s server, had contacted Netgear about new firmware and contacted Internet service providers in order to patch infected routers; most of the victims, GovCERT said, are in the United States. Herzog said GovCERT has been unsuccessful in reaching Netgear.

 

An email from Threatpost to Netgear went unanswered prior to publication."

 

Much more detail here: https://threatpost.com/disclosed-netgear-router-vulnerability-under-attack/114960/