The weaknesses could let attackers move freely about an entire network, stealing identity information and data.

Microsoft has discovered three vulnerabilities in Netgear routers that could lead to identity theft and full system compromise. The researchers found the problems in Netgear DGN-2200v1 routers. Netgear has already fixed the critical security issues, they say.

The Microsoft 365 Defender Research Team detailed the vulnerabilities in a blog post this week. “We have recently discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network’s security,” they warned. They added that the faults amount to “opening the gates for attackers to roam untethered through an entire organization.”

The Microsoft team discovered the vulnerabilities while researching device fingerprinting in the new device discovery capabilities in Microsoft Defender for Endpoint. There they noticed “a very odd behavior,” they said. Apparently, a device owned by non-IT personnel was trying to access a NETGEAR DGN-2200v1 router’s management port.

Machine learning models flagged the communication as anomalous. But the communication itself was private and used TLS encryption to protect customer privacy. This led the team to focus on the router and investigate whether it showed security weaknesses that malefactors could exploit in a possible attack scenario.

Network routers now a “prime candidate” for attack

During the course of their research, the team unpacked the router firmware and found three vulnerabilities that attackers can reliably exploit.

“We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR),” they explained. They also worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues while maintaining backward compatibility.

Netgear has already fixed the critical security issues (those with CVSS Score: 7.1 – 9.4). See NETGEAR’s Security Advisory for Multiple HTTPd Authentication Vulnerabilities on DGN2200v1.

Still, the Defender Researchers included a word of warning in their post. “As modern operating system security continues to advance, attackers are forced to look for alternative ways to compromise networks,” they caution. “Network devices such as routers are a prime candidate. This makes an endpoint discovery solution a critical asset to any security operations.”