Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 11,000 Devices.
A security researcher has discovered a serious vulnerability in Netgear routers that has been publicly exploited by hackers.
The critical flaw could allow hackers to bypass authentication mechanism and change the Domain Name System (DNS) settings of victims’ routers to the malicious IP address. [Exploit Code]
A security researcher, named Joe Giron, gave the details of his experience to BBC, saying that he noticed some anonymous activities in his machine and on investigating he learned that:
The admin settings on his personal router have been modified on 28 September.
Specifically, Domain Name System (DNS) settings on his router were changed to a suspicious IP address. As an outcome of which the hacked router was sending web browsing data to a malicious Internet address.
“Normally I set mine to Google’s [IP address], and it was not that, it was something else,” Giron said. “For two or three days all my DNS traffic was being sent over to them.”
Affected Netgear Routers
- JNR1010v2
- JWNR2000v5
- JWNR2010v5
- WNR614
- WNR618
- WNR1000v4
- WNR2020
- WNR2020v2
Giron contacted Netgear about the serious issue, to which they replied that the vulnerability discovered their products is ‘serious,’ but “affects fewer than 5,000 devices.“
Further, Giron switched off his router to avoid anymore mishappenings.
Is it Serious Flaw…?
In another statement, Jonathan Wu, senior director of product management at Netgear said, “Is it serious? Yes, it definitely is.”
Currently, any patch is not available for the firmware on the affected devices. However, Netgear assures its users that the company will release a patch by October 14 to fix the issue.
Therefore, we would suggest all the Netgear router’s users not to use their devices, until the vulnerability is patched; as you might be one of those 5000.