NETGEAR routers have again become the victims of a DNS monitoring exploit. Potentially affecting 11,000 Devices. Site thehackernews.com first posted about A Vigilante Hacker, who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password.
A few days later a security researcher (name not given) claims to have discovered a series vulnerability in the routers of the same model. The exploit has been published as of today check out this link to see details on this vulnerability in Netgear routers.
The real meat of this exploit is that it allows hackers to change Domain Name System (DNS) settings of victims’ routers to the malicious IP address.
One security researcher Joe Giron, gave the details of his experience to BBC, “The admin settings on his personal router have been modified on 28 September.”
Specifically, Domain Name System (DNS) settings on his router were changed to a suspicious IP address. The result of which was the hacked router was sending web browsing data to a malicious Internet address. Giron said “Normally I set mine to Google’s [IP address], and it was not that, it was something else, For two or three days all my DNS traffic was being sent over to them.”
Giron contacted Netgear about the serious issue, to which they replied that the vulnerability discovered their products is ‘serious,’ but “affects fewer than 5,000 devices.“
Perhaps more troubling is that Giron then SHUT OFF his router as NETGEAR did not have an available patch for the exploit. Jonathan Wu senior product director at NETGEAR said “”Is it serious? Yes, it definitely is.” and suggested users not use their devices untill a firmware patch planned for October 14th can be pushed to effected devices. NETGEAR has not released a list of effected devices, however they say it is less than 5,000 units.