Another Day, Another Raft of SOHO Networking Exploits

If you, our loyal readers, didn’t already see this one pass through on the news cycle earlier this week, you might want to take a look. The firm ISE (Independent Security Evaluators) has conducted a second major review of routers, NAS, IoT, and related networking devices targeted at the SOHO and entry-level enterprise market, and found active exploits ranging from minor all the way to root shell access. Threatpost has a summary of the research paper the ISE team issued, and suffice to say it includes major products from Asus, Buffalo, Lenovo, Netgear, and others.

Major Brands, Major Issues

Here’s a particularly palpitating piece on one of Netgear’s primo products, purportedly pillaged by pusillanimous perfidy per the ISE paper producers:

The NETGEAR Nighthawk X10 R9000 is a high-end flagship router, supporting a variety of traffic management and administrative features. The primary user interface for this device is a web application, but a SOAP-based mobile application is also available. Within either interface, an administrator may manipulate common network settings, view device logs, manage Quality of Service as well as various other settings.

Initial testing of the administrative mobile application revealed that the “X-Forwarded-For” HTTP header is interpreted by the application. This header is commonly used by load balancers to convey a client’s IP address to downstream services, but it can lead to unexpected issues if used improperly. This device appears to interpret the header’s contents as the client’s real IP address, overriding any previous values. This device also appears to whitelist requests from its own IP address, allowing internal use of the API without managing authentication. When combined, these two functionalities give an attacker the ability to bypass all authentication checks on the SOAP API.

The ISE product appears to be a reasonably well-written papurrr that includes methodology descriptions and code snippets of the exploits, so if you’re a network admin, a security researcher, or just a concerned citizen with a laser printer and 50,000 mp3s to keep secure from that aspiring PenTester next door who likes to harass your home network with a WiFi pineapple, it’s worth a look.
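The header-trust flaw quoted above, reduced to its logic and set beside a hardened check. This is an added example, not code from the ISE paper or from NETGEAR firmware; the function names, the addresses, and the choice to recognise internal callers by a loopback socket peer are assumptions made for illustration.

```python
import ipaddress

DEVICE_IP = "192.168.1.1"   # constructed: the router's own LAN address


def client_ip_flawed(peer_ip, headers):
    # Flaw described in the paper: the header overrides the socket peer address.
    return headers.get("X-Forwarded-For", peer_ip).split(",")[0].strip()


def authorized_flawed(peer_ip, headers, session_valid):
    # Requests that appear to come from the device itself skip authentication.
    return session_valid or client_ip_flawed(peer_ip, headers) == DEVICE_IP


def client_ip_hardened(peer_ip, headers, trusted_proxies=frozenset()):
    # Honour the header only when the TCP peer is a configured proxy, then walk
    # the chain right to left to the first hop that is not a trusted proxy.
    if peer_ip not in trusted_proxies:
        return peer_ip
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip          # malformed or empty entry: use the socket address
        if hop not in trusted_proxies:
            return hop
    return peer_ip


def authorized_hardened(peer_ip, headers, session_valid, trusted_proxies=frozenset()):
    # Assumption: internal callers are recognised by a loopback socket peer only;
    # an address recovered from a header is for logging, never for trust.
    source = client_ip_hardened(peer_ip, headers, trusted_proxies)
    internal = ipaddress.ip_address(peer_ip).is_loopback and source == peer_ip
    return session_valid or internal


if __name__ == "__main__":
    # Constructed request: LAN client, no session, header naming the device.
    req = ("192.168.1.50", {"X-Forwarded-For": DEVICE_IP}, False)
    print("flawed check authorizes:  ", authorized_flawed(*req))
    print("hardened check authorizes:", authorized_hardened(*req))
```

The hardened check keeps the address a proxy reports separate from the authentication decision, so the same header only ever changes what gets logged.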

Aaron Vienot

Engineer by day, hobbyist by night, occasional contributor, and full-time wise guy.

The lost cat
Guest

A list of vendors that rarely have major vulnerabilities might be nice. Google WiFi seems pretty solid.

Anonymous Coward
Guest

I’m not convinced that people are compatible with software.

Someone
Guest

“I’m not convinced that secure Software is compatible with capitalism.”

ftfy

Anonymous Coward
Guest

While capitalism has recently been associated with a lot of short-term thinking, I’m not sure that you would get better software from any alternative way of organizing the humans.

Q-God
Guest

I’m very sure. Capitalism failed more epically than any other system.

DPete27
Guest

primo products, purportedly pillaged by pusillanimous perfidy per the ISE paper producers
JACKPOT!!!!

Xolore
Guest

Perfection.

Krogoth
Guest

Purfection……

Colton Westrate
Editor

You missed the opening “particularly palpitating piece” – it’s even better than you thought it was.

DPete27
Guest

Ay, too many non-P words between, combo invalidated.

chuckula
Guest

Ah the joys of having a full-bore Linux distro that isn’t properly updated with a slap-dash web interface running your router. The attack surface is just so optimized.
