Sunday, January 24th, 2021

No, Netgear’s Recent Router Vulnerability Is Not that Serious

Netgear X6 R8000
The Netgear X6 R8000, one of the first tri-band router, is part of the group that gets affected.

This past week, I received a lot of questions regarding yet another newly-found router vulnerability, this time coming from Netgear.

Some of you expressed frustrations and went as far as saying you’d “never buy a Netgear again.” Well, that’s your call, but I’d say it’s an example of overreacting.

While router vulnerabilities are clearly no good, getting overly concerned about them is also unnecessary. I’ll explain that in this post.

Security vs. vulnerability: You can’t have the former without the latter

Generally, in computing, a vulnerability is where a device doesn’t provide the level of security it promises. Since it’s tough — impossible in fact — to test every single scenario, and technology is always evolving, vulnerabilities are inevitable.

So, it’s safe to say any device that has any type or level of security will have some vulnerabilities. It’s just a matter of when or if somebody finds out and exploits them to do bad stuff. In other words, the only time you get 100 percent vulnerability-free is when you don’t use any security at all.

(It’s just like your home. After you lock the door, rest assured that the lock can be picked or compromised one way or another. The only way not to worry about somebody breaking your lock is not to use one at all. Like all security measures, that of a home is more a matter of deterrence than total protection.)

So, vulnerabilities are common, and so are updates, or security patches, that fix them. Popular operating systems, like Windows or macOS, get regular updates, as frequently as once a month or even once a week. That happens regardless of whether or not the public is aware of any issue. Security is a never-ending cat-and-mouse game.

At some point, though, older versions are “out of life”, meaning they are no longer supported by the vendor. For example, if you decide to continue using Windows 7 or earlier versions, you’re on your own.

This applies to all things in the tech world, including home routers.

Why router vulnerabilities are big deals

Home Wi-Fi routers are IoT devices. By default, they are low-value targets. However, every time there’s a vulnerability report, it’s almost always a huge deal, for a few reasons.

READ NOW:  Guest Wi-Fi Network Explained: No, It's Not Really for Your IoT Devices

That’s right. Popularity goes side by side with seriousness. The more people use a router, the more widespread its security issues become. As a result, the vulnerability found in routers from popular vendors like Asus, Netgear, TP-Link, etc. tends to get a lot of attention.

Routers are a special Internet of Things device

Unlike other IoT devices, your home router is your gateway to the Internet. Having the control of the router, the bad guys can do a lot of severe damages, including (and not limited to) taking over your DNS server settings to redirect you to malicious websites.

Publicity

There’s nothing that grabs more attention than fear. And in the online world, attention is money.

READ NOW:  Online Media, Wi-Fi Explained, and How to Stay Safe: It's All on You!

Many times, though not always, router vulnerabilities (security issues in general) are blown up for self-serving purposes. The security firms use them to brush up their reputation or sell software. And the media take advantage of them to boost their page views.

(Let’s be honest with each other here. Many of the self-proclaimed “security experts” working for major media outlets know little or nothing about network security. They probably don’t have time or desire to learn the mundane details of a particular vulnerability, either. Instead, they repeat information from hackers or security firms, or patch-write a security blog.)

So most of the time, the vulnerabilities are not as bad as they are cracked up to be.

Is recent Netgear router vulnerability serious?

That depends on who you ask. For me, it’s not a huge deal.

The details of the issue are on this post if you don’t mind the technical jargon. But basically, it applies to the webserver in a limited number of relatively old routers.

(Some reports call the total number of affected devices as high as 79, but many of them are just variant, or different versions, of a single model. Here’s the complete list with their security patch status.)

The webserver is an integral part of a standard router. It allows users to work with the router via its web user interface, as well as other less popular tools, such as SSH or Telnet. In the case of this vulnerability, there’s an intricate way to fool the device so that one can log in without the correct password.

It’s not easy to exploit this vulnerability, and the bad guy needs to target a specific user. In other words, they need a particular reason to do it, with a relatively low chance of success, which brings us to the low-level target notion mentioned above.

Most importantly, many of the vulnerable models are among the first Wi-Fi 4 devices that are more than a decade old. If you still have one of those, you should replace it for performance reasons anyway. For a few that supports Wi-Fi 5, Netgear has already released security patches.

That said, the chance of anyone getting affected by this is meager, much lower than getting your car stolen if you leave it unlocked overnight in a sketchy neighborhood.

To put this in perspective. This whole episode is like somebody finds a security issue with Windows XP, Microsoft says it won’t fix it because the OS is no longer supported, and the media cry foul to get attention. It’s mostly just shenanigans.

The takeaway

Again, no, I don’t mean to downplay the importance of router security. However, there’s no need to get all wound up every time you hear of some vulnerability, either.

Just update your router to the latest firmware, keep its admin and Wi-Fi passwords secure, and don’t mess around too much with its settings (unless you know what you’re doing) and everything will be as fine as can be. It’s a matter of degrees.

Also, it’s a good idea to upgrade your network every five or six years (or when a device is “out of life”) with hardware from a reputable vendor.

Most importantly, no matter what router you’re using right now, keep in mind that it is vulnerable. You’d be fooling yourself if you believe otherwise. The only way to be 100 percent issue-free on this front is not getting online at all. But then you’ll have fewer creative options to deal with living, which by itself is risky.

2 thoughts on “No, Netgear’s Recent Router Vulnerability Is Not that Serious”

  1. It’s rather irresponsible to state that IoT devices are low level targets. As a network security professional, that is simply not true and dangerous to say. IoT devices are, by their nature, more vulnerable than big name established X86 or ARM computing devices from the likes of Apple since they are more likely to have a real engineering team dedicated to vulnerability research, the funds to cover the expenses, and a real reputation at stake. However, the IoT devices are the gateway to the rest of the devices in the typical flat topology home network.

    Since it’s much harder to compromise an iPhone than a smart light bulb, a hacker will compromise a smart light bulb, then traverse the rest of the flat home network that simply lacks net and IP isolation. They then keep scanning until they find and gain access to an unpatched Windows or Mac system. Remember, some OSes like MacOS don’t come with firewall blocking every service by default and some people even turn off their PC’s firewall.

    Picture this, if I can get into your network through your no-name brand light bulb, I can then attempt to gain access to your httpd/web gui for your compromised router using XSS forgery and other similar attacks on an unpatched device. With nmap and bash scripts, these types of attacks don’t have to be targeted. They can be fully automated and much faster than any human can perform.

    Also with MAC addresses, I can quickly parse through device brands while doing nmap scans.

    Please don’t write things such as this ir in your other article where you state that using a guest network is stupid. Unless you are a cybersecurity professional, it is best not discuss about such matters in an incorrect manner as the less technical people who go to your site can put their networks in danger.

    Remember, not everyone remembers to patch his/her devices on time and, due to lack of funds, cannot buy devices that are supported on the long term from reputable manufacturers.

    Also, the ‘security’ solutions that most home routers come with is laughable at best as they can only rely on DNS filtering and scanning of unencrypted traffic at best. The only effecting solutions are MITM SSL certs from big iron security appliance vendors that charge an arm and a leg to be able to decrypt network traffic at the router level, scan it, and then re-encrypt it before sending it out through WAN. Another effective alternative is Cisco’s encrypted traffic analytics.

    I’ve been a fan of your since you were at CNET but I have to call out misconceptions and misinformation so others are not left vulnberable.

    Reply

Leave a Comment