back to article Cisco kindly reveals proof of concept attacks for flaws in rival Netgear's kit

Public proof-of-concept exploits have landed for bugs in Netgear Orbi routers – including one critical command execution vulnerability.  The four vulnerabilities are found in Netgear's Orbi mesh wireless system, including its main router and the satellite routers that extend Wi-Fi networks. Cisco Talos researchers disclosed …

  1. Snowy Silver badge
    Coat

    Watch out Cisco

    The next flaw in your stuff will Netgear show everyone how to exploit it?

    1. Version 1.0 Silver badge
      Pirate

      Re: Watch out Everybody

      In the office, cable network connections are much harder to hack and easier to defend and observe any fake internal access attempts. All you need to do is make the Internet access via a professional firewall that block all access except what you specifically need - that makes you a lot safer. Certainly it's harder to setup this operating method than just buying a Wi-FI network box that hasn't been hacked this week.

      Originally a network was only setup by an expert technician and was not easy to play with, but nowadays we all go with "easy to use" devices and it seems that hacking and malware delivery attempts are continuous. This is just how I've seen networking change since 1975, there were a few hacks many years earlier but nothing like the daily hacking attempts these days.

  2. Slipoch

    ummm?

    Doesn't Cisco own Netgear? I thought they were acquired ages ago (like '05)

    1. really_adf

      Re: ummm?

      I think you're thinking of Linksys, bought in 2003 by Cisco and sold in 2013 to Belkin (according to Wikipedia).

      1. Slipoch

        Re: ummm?

        Yup that'd be it.

  3. Richard 12 Silver badge

    Why the high score?

    If the attacker has to be authenticated, then they're already the wrong side of the door and can do all kinds of things.

    Seems to me that "Router administrator can execute arbitrary commands" is fairly low importance, given what else an administrator is supposed to be able to do anyway.

    What am I not seeing?

    1. Anonymous Coward
      Anonymous Coward

      Re: Why the high score?

      The fact that Cisco also sells WiFi gear?

    2. This post has been deleted by its author

  4. Bebu Silver badge

    1970s museum pieces?

    "hidden telnet service functionality"

    Combine clear text telnet protocol with security through obscurity - says it all.

    Apologies if its kerberized telnet but I think unassisted porcine aviation more likely.

    Just from the story it sounds like you actually have to construct an ethernet frame with the br-lan mac address as the ethernet destination and inside that the ip/tcp/telnet packet in which case I think you would need to be on the same subnet or ethernet segment.

    When the attacker is aready within your walls and you have retreated to your donjon who owns the gatehouses probably the least of your concerns :)

    Security Theatre should have its own awards categories. We could start with Premio Ubu - unfortunately not named after Alfred Jarry's Ubu character but would have been singularly appropriate for my proposed award categories.

    1. DoctorPaul

      Re: 1970s museum pieces?

      Upvote for "unassisted porcine aviation"

    2. Kevin McMurtrie Silver badge

      Re: 1970s museum pieces?

      Does this mean Cisco is now scanning its own products for backdoor services? There's a plenty of Cisco hardware in the landfill because of backdoors.

    3. Danny 14

      Re: 1970s museum pieces?

      I think the last time I did this is was to set up a refurb UPS with a network management card. I had to dig out a usb to serial connector too.

  5. TheInstigator

    Wow - Cisco really is a PoS

    I still remember a time when Cisco network equipment was considered top of the line and everyone was after the CCIE accreditation ... how times have changed!

    1. Ian Mason

      Re: Wow - Cisco really is a PoS

      Don't blame Cisco, the fault is with Netgear equipment; it was the security consulting arm of Cisco, Cisco Talos, that discovered the vulnerabilities. Try reading more carefully next time.

      1. TheInstigator

        Re: Wow - Cisco really is a PoS

        Point taken - because the company that owns another company has absolutely no say or input into the running of their (effectively) subsidiary ...

  6. TheInstigator

    Were the Chinese behind it?

    Do we know whether the vulnerabilities were introduced by the Chinese during manufacturing?

    Netgear is an American company, so I wouldn't be surprised if the Chinese had infiltrated Netgear and introduced backdoors/security vulnerability in their equipment - I mean they're everywhree nowadays - how can you trust any of them?

    Best put them in camps for their safety and security!

    1. Youngone

      Re: Were the Chinese behind it?

      Netgear is an American company, so any vulnerabilities will have been added at the behest of one of the many, many American secret police outfits.

      There are so many to choose from it's hard to know where to start.

      1. TheInstigator

        Re: Were the Chinese behind it?

        Lies - all lies! It's the fault of the Chinese - always the Chinese

        1. AVee

          Re: Were the Chinese behind it?

          I think Poe's law applies here.

  7. jollyboyspecial

    Telnet?

    Really? The use of the word hidden suggests to me that this is an undocumented telnet backdoor? That is a vulnerability in itself.

    But why telnet? And a local password?

    Nothing but nothing should use telnet. The only reason I can see to use it would perhaps be for initial setup. Although I would always prefer a console port for initial setup. At least that requires physical access to the kit. But then cheap kit never seems to come with a console port

    1. Jellied Eel Silver badge

      Re: Telnet?

      Really? The use of the word hidden suggests to me that this is an undocumented telnet backdoor? That is a vulnerability in itself.

      It's a feature..

      But why telnet? And a local password?

      Because Telnet is widely implemented on many PCs, servers and iThings. So you do some spearfishing, get into a device on the inside of the network. Then telnet from the 'trusted' side of the network, use the backdoor to open the front door, and Bob can then invite Alice in to party. It always used to amaze me the number of businesses that should have known better that thought they only needed firewalls on the outside of their networks.

  8. quartzie

    Default password?

    In this day and time, allowing users to keep the default password on any online device is borderline criminally negligent design.

    1. mIVQU#~(p,

      Re: Default password?

      The default password for Orbi are printed on the back of the router and are unique per device.

  9. David 132 Silver badge
    Happy

    This article’s headline

    …reminded me of that old Onion article: “Ford issues recall for Chrysler minivans” (or words to that effect… it’s been 20 years or more and my google-fu isn’t up to finding the link)

  10. Sceptic Tank Silver badge
    FAIL

    Urbi et Orbi

    Don't tell me: Netgear's response to this will be to declare the vulnerable kit outdated and no patches will be forthcoming, and instruct owners to buy new.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like