Windows 10: Possible vulnerability to router

itzco_521 · Sep 13, 2020

I'm noticing something weird on my network, a few days ao I could not change my Firefox password in a Firefox browser, and the router password I had set up was no longer valid. I tried yesterday to do a factory reset on my router, I changed the default router password and a few minutes later I got logged out and the password I had created was no longer valid. That time I used Wireshark to find suspicous activity and I think I found something.

This 65.52.198.70 is establishing a ssl connection with my windows PC. I suspect that is part of the problem. There might be a spyware or something my PC hasnt caught yet cause I've done several scans with Windows Defender. I can provide the full Wireshark capture file if needed. Thanks in advance

:)

IggSter · Sep 13, 2020

How to factory reset Cisco 1700 Router

Hopefully I can help you here....its a very common thing to happen.

First, I take it you dont know the passwords for console access or telnet/ssh?

I will assume that these devices belong to you.

step 1. Plug a cisco console cable into a serial port on your pc
step 2. Plug other end into Cisco console port
step 3. Using hyperterm or putty or similar connect to the serial port
step 4. boot router, and make sure you clearly can see the output (this confirms you have good serial comms)
step 5. if this fails, adjust the comm port settings (9600, 8,1,n are the default)
step 6. now you have to do the only hard part...send the break command:

Break command list: Break Commands

Go down the list and match your OS and SW and try the sequence suggested.

If this fails several times do what I do: Install putty (free) and then to send a break so you can get into rommom just hit "ctrl-a b".

MrGenius · Sep 13, 2020

WPA2 Vulnerability Found

Also don't use your router in bridge mode, or mobile hotspot with WiFi data offloading enabled, without patched firmware.

NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:

Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.

Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.

Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.

Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.

If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:

Eavesdrop on communication between the affected product and the router to which it connects.

Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted traffic, such as banking website sessions and Arlo camera feeds, remains protected.

______________________

Until a firmware fix is available for your product, NETGEAR recommends that you follow these workaround procedures:

For Wireless Routers in Bridge Mode: disable Bridge Mode or power off the bridge router. For more information, see your product’s user manual or one of the following knowledge base articles:

What is bridge mode and how do I set it up on my NETGEAR router?

How to set your Nighthawk router to Router mode

For Mobile Hotspots using the WiFi Offload feature: disable WiFi Offload. For more information, see your product’s user manual.

Click to expand...

https://kb.netgear.com/000049498/Se...ies-PSV-2017-2826-PSV-2017-2836-PSV-2017-2837

Brink · Sep 13, 2020

Netgear R7000, R6400, and R8000 routers vulnerable

NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

NETGEAR has tested the following products and confirmed that they are vulnerable:

All products followed by an asterisk (*) have beta firmware fixes available—see below.

R6250*

R6400*

R6700*

R6900*

R7000*

R7100LG*

R7300DST*

R7900*

R8000*

D6220*

D6400*

NETGEAR is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible.

While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13th.

To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:

R6250

R6400

R6700

R6900

R7000

R7100LG

R7300DST

R7900

R8000

D6220

D6400

NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.

NETGEAR will continue to update this knowledge base article when we have more information.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.

If you have any security concerns, you can reach us at L: [email protected].
Click to expand...

Source: Security Advisory for VU 582384 | Answer | NETGEAR Support

Read more:

Vulnerability Note VU#582384 - Netgear R7000 and R6400 routers are vulnerable to arbitrary command injection

Netgear users advised to stop using affected routers after severe flaw found | ZDNet

Windows 10: Possible vulnerability to router

Possible vulnerability to router

Possible vulnerability to router

Possible vulnerability to router

Possible vulnerability to router - Similar Threads - Possible vulnerability router

Is it possible to remotely configure my router for wake on lan?

Cisco IOS XE routers Software Authentication Bypass Vulnerability

Vulnerability?

Cisco warns over critical ASR 9000 Series router vulnerability

Mitigating the last "L1 terminal fault" vulnerabilities - possible or not?

Malwarebytes Vulnerability

Blocking Netflix off my router, possible?

Is it possible to asign MAC address to router ports?

Netgear R7000, R6400, and R8000 routers vulnerable