NetGear Router Authentication Bypass Vulnerability

A number of WNDR series devices contain an embedded SOAP service for use with the NetGear Genie application. This service allows for viewing and setting of certain router parameters, such as WLAN credentials and SSIDs, connected clients, guest WLAN credentials and SSIDs, and parental control settings.

Security pro Peter Adkins has disclosed vulnerabilities that can be leveraged “externally” over the internet if affected NetGear WNDR devices have remote / WAN management enabled. The included proof of concept queries this service to extract the admin password, device serial number, WLAN details, and various information about clients currently connected to the device.

Read more here – https://github.com/darkarnium/secpub/blob/master/NetGear/SOAPWNDR/README.md
