I logged into the web management of a NETGEAR WNDR3700v2 router the other day and browsed to the Router Upgrade section. I was quite surprised to find that a new firmware version had been made available as I had been waiting many months for NETGEAR to fix some serious problems in this device.
I quickly applied the update and was pleasantly surprised that they had completely replaced the interface with a completely different and far more secure model. One of the biggest flaws in this device has been pointed out by many researchers and has the potential to permanently root your router.
Although only two CVEs were mentioned in the release notes (coupled with the firmware download), this latest update has actually addressed several issues which I will discuss in more detail at the upcoming BSidesSF conference (more detals in this interview).
For now, here is my list of CVEs addressed in this firmware:
Join me at BSidesSF or catch the upcoming webinar where I will demonstrate my methods for identifying these vulnerabilities and explore their impacts!
And be sure to join us at Tripwire’s Booth (3501) to get your free customized t-shirt printed on the spot, and listen to an array of in-booth guest speakers we have lined up. For the speaking schedule and information on how to obtain a free RSA Expo pass, see more details here.
- Chromejacking – Or How I Learned to Stop Worrying and Love Chromium Sync
- OpenX Ad Server and Remote Code Execution Vulnerability
- Distributed Nmap Port Scanning with a DNmap Megacluster
- Vulnerabilities: It’s Time to Review Your ReviewBoard
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Definitive Guide to Attack Surface Analytics
Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.
Title image courtesy of ShutterStock