Netgear Router Private Keys Insecure System

It turns out that 2 researchers found a problem in Netgear routers. Tom Pohl and Nick Starke found a private key in firmware which can be used to fool the router.

Here is their github link and a screenshot:

The problem seems to be how the router is configured, as you see from a settings page of one of the WiFi-enabled routers:

The issue is due to allowing the usage of routerlogin.net to be trusted by browsers the router has to use a private key which is stored in an unsecured firmware.  So anyone who is ingenious enough can download the private key. And with some cleverness can create an attack on the netgear routers.

I am not going to point out how this can be done – but suffice it to say the criminal underworld in the Internet will find a way to monetize this issue.

 

So several issues arise out of this problem. Why did Tom Pohl and Nick Starke disclose this issue to the general public before a fix was issued?  Because there wasn’t enough communication by Netgear.

This is another cybersecurity complexity that occurs which does not make much sense to many people.

Contact Us to discuss this subject and if it affects you.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.