Originally posted on The Register by Gareth Halfacree

Netgear has patched serious security vulnerabilities in its DGN2200v1 network router, following the discovery of “very odd behaviour” by a Microsoft security research team – a somewhat understated way of saying that attackers can gain “complete control over the router.”

Unveiled by the company at the Consumer Electronics Show back in 2010, Netgear’s DGN2200 is an ADSL modem-router combo box with, the company promised at the time, security features including “live parental controls, firewall protection, denial-of-service (DoS) attack prevention, [and] intrusion detection and prevention (IDS).”

Sadly, one thing didn’t make the list: functional authentication. As a result, it’s possible for remote attackers to take over the router at any time – as discovered by members of the Microsoft 365 Defender Research Team.

“We discovered the vulnerabilities while researching device fingerprinting in the new device discovery capabilities in Microsoft Defender for Endpoint,” the research team said. “We noticed a very odd behaviour: a device owned by a non-IT personnel was trying to access a NETGEAR DGN2200v1 router’s management port…

Read at The Register

Download PDF here