Increasing safety measures led attackers to explore different ways to breach systems. The increasing number of firewall and ransomware attacks employing VPN devices and other websites are instances of attacks initiated externally and underneath the operating system layer. As these sorts of attacks are becoming more widespread, consumers must also aim to maintain single-use software, running their hardware, such as routers. In Netgear routers, Microsoft has revealed several vulnerabilities that might lead to data disclosure and complete system compromise. Whereas on June 30, 2021, Jonathan Bar Or, a member of Microsoft's 365 Defender Research Team revealed, that the vulnerabilities that have been patched before public release. “We discovered the vulnerabilities while researching device fingerprinting in the new device discovery capabilities in Microsoft Defender for Endpoint. We noticed a very odd behavior: a device owned by non-IT personnel was trying to access a NETGEAR DGN-2200v1 router’s management port. The communication was flagged as anomalous by machine learning models, but the communication itself was TLS-encrypted and private to protect customer privacy, so we decided to focus on the router and investigate whether it exhibited security weaknesses that can be exploited in a possible attack scenario,” told Microsoft. After observing odd behavior on the router management port, the Microsoft Security team uncovered vulnerabilities. While TLS encryption protects the communication, machine learning models are still identified as anomalous. Three HTTPd authentication issues have been identified upon further research on the router firmware. The first one enabled the team to visit any website on a device, including those that need to be authenticated, such as router administration pages, by inserting GET variables to substrate requests, which allows full bypass authentication. The second security fl ..
Support the originator by clicking the read the rest link below.
