NetGear N300 DGN2200 Multiple Security Vulnerabilities (5)


Proof of concept
----------------
URL:
Firmware=V1.0.0.36_7.0.36
RegionTag=DGN2200_WW
Region=ww
Model=DGN2200
InternetConnectionStatus=Up
ParentalControlSupported=1


Solution
--------
Restrict access to webpages containing sensitive functionality or data to authenticated users.

10. Firmware Update Vulnerable to Man In The Middle
===================================================

Requires
--------
Control of the user’s network, for example at the ISP level or local network.


Description
-----------
Each time an admin logs into the web interface, the web interface attempts to find new firmware on an FTP server.

FTP is an insecure protocol that is vulnerable to man-in-the-middle attacks. An attacker could provide a backdoored version of the firmware.

Updates are sourced from: ftp://14.0.34.208/dgn2200/ww/


Impact
------
Using this vulnerability, BAE Systems was able to provide a malicious firmware image to the router.


Solution
--------
Retrieve updates using a protocol with SSL/TLS with certificate validation.
Apply a public key signature to firmware images and check them before usage.
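
The two checks recommended above, sketched as an added example (not code from the advisory or from NetGear): an update is accepted only if it came over an https URL and its RSA PKCS#1 v1.5 / SHA-256 signature verifies. The function names, the example URL and the demo key are assumptions constructed for illustration; the demo key is built from publicly known primes and is not secure, and a real device would use a vetted crypto library with the vendor's public key.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(data: bytes, k: int) -> bytes:
    """Build the padded block expected for an RSA modulus of k bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def signature_ok(image: bytes, sig: bytes, n: int, e: int) -> bool:
    """Verify sig over image with the public key (n, e)."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    # Rebuild the full block and compare it; never parse the padding leniently.
    return hmac.compare_digest(em, emsa_pkcs1_v15(image, k))

def accept_update(url: str, image: bytes, sig: bytes, n: int, e: int) -> bool:
    """Gate to run before flashing: TLS transport plus a valid signature."""
    # Scheme policy only; certificate validation is the TLS client's job.
    if urlsplit(url).scheme != "https":
        return False
    return signature_ok(image, sig, n, e)

# Constructed demo key: both primes are public knowledge, so it is NOT secure.
P, Q, E = 2**255 - 19, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def demo_sign(image: bytes) -> bytes:
    """Stand-in for the vendor's signing step, used only to feed the demo."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(image, k), "big")
    return pow(m, D, N).to_bytes(k, "big")
```

The signature check is what protects against a substituted image even if the transport is compromised; the scheme check alone does not.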

End User Recommendation
=======================
Replace your NetGear router with a more recent model that can receive updated firmware.


Disclosure Time-Line
====================
29/11/2012  -  Vendor notified
6/12/2012  -  Vendor acknowledges vulnerabilities but advises that the product is beyond its end of life and will not be patched
11/2/2014  -  Advisory released


Contact
=======
Advisory URL: %28AIS-2014

Website:

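Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Netgear
-------
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: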
