Microsoft Reveals Critical Bugs Allowing Takeover of NETGEAR Routers


Microsoft has revealed critical bugs regarding NETGEAR routers that could cause data leaks and system compromise. More particularly, researchers from the Microsoft 365 Defender Research Team have elaborated on security vulnerabilities impacting NETGEAR DGN2200v1 series routers. According to the researchers, these security flaws could act as an entry point to discredit the security of a network. As a result, a cybercriminal could gain unfettered access. Nevertheless, these revealed vulnerabilities got patched before public disclosure. In December 2020, the company fixed these security vulnerabilities as a component of its coordinated vulnerability disclosure process.


Do you feel the need to have the expertise and human resource to remediate data breaches and cyber incidents? Here we offer Lifars Cyber Resiliency Program.


Discovery of Vulnerabilities by Microsoft

Microsoft researchers identified the vulnerabilities in NETGEAR routers in the wake of unusual behavior felt by them in the management port of the router. According to the researchers, the machine learning models flagged communication as an anomaly despite the communication itself was TLS-encrypted. Hence, it paved the way for them to carry out further investigation. The goal was to find out as though the presence of the mysterious condition indicates security weaknesses. Additionally, the researchers needed to know whether the given security flaws can get exploited to conduct a possible cyberattack.

The subsequent research revealed three HTTPd authentication vulnerabilities scored 7.1-9.4 relating to CVSS. These security weaknesses sway routers running firmware versions before v1.0.0.60. However, the first flaw enabled the team to gain access to any page on a device. Surprisingly, it allowed access to those pages that otherwise should demand authentication, for instance, router management pages. It lets one gain complete authentication bypass by appending GET variables in requests inside substrings.

The second security vulnerability allowed cryptographic side-channel attacks. It enabled the team to learn how the router authenticated users through HTTP headers. A cybercriminal could withdraw stored credentials in the event of its exploitation. Finally, the third flaw can cause the restoration of an encrypted file using a constant key called NtgrBak. Essentially, it can let the attacker extract and decrypt stored credentials, such as username and password.

Exercising Care When Dealing with Software

The rampant occurrence of ransomware and firmware attacks pushes users to exercise care when dealing with software. According to Microsoft, the examples of these attacks conducting through internet-facing systems or VPN devices get launched below or outside the operating system layer. Moreover, it suggests users need to ensure the security of even the single-purpose software that operates their hardware, including routers. Speaking of routers, NETGEAR appeals to its users to install the latest firmware for their NETGEAR routers. A user can hit the official website of NETGEAR to carry out the activity. Upon reaching the website, a user can download the latest firmware version by entering the model into the search box.


It is fascinating yet intimidating how hidden vulnerabilities can allow an attacker to gain complete control over the router. Hence, there is a great lesson to learn from a cybersecurity perspective. A case in point concerning NETGEAR routers further emphasizes the significance of raising digital walls to subvert potential cyberattacks. To learn more about proactive strategies against evolving cybersecurity threats, you can contact LIFARS 24/7.




Microsoft reveals critical vulnerabilities that can enable the takeover of NETGEAR routers.

Microsoft identifies NETGEAR router bugs.

Microsoft discovers NETGEAR firmware flaws that could cause complete system compromise.

Microsoft reveals flaws in NETGEAR routers.

Microsoft discovers NETGEAR router bugs.