GRIMM, a forward-looking cybersecurity organization led by industry experts, announced they performed dedicated vulnerability research against a series of Netgear SOHO devices and discovered a vulnerability that allows remote code execution (RCE) as root. This research stems from GRIMM’s Private Vulnerability Disclosure (PVD) Program where research targets are selected based on extensive threat modeling and our team’s deep background in reverse engineering and vulnerability research.
Recommended ITech News: Crunchy Data Delivers Trusted PostgreSQL Containers In Collaboration With The U.S. Department Of Defense
“As part of this research, we discovered a vulnerability that unauthenticated attackers can leverage to gain remote code execution (RCE) as root on these devices,” said Adam Nichols, Principal of Software Security, GRIMM. “The impact of this vulnerability is that it allows an attacker to monitor and modify traffic that is sent through compromised devices as well as provide a pivot point for lateral network movement.”
To mitigate the risk of similar vulnerabilities, GRIMM recommends the use of virtual private network (VPN) clients that encrypt all traffic before it passes through a network device. Additionally, reducing the number of services running on your router is another mitigation strategy for those with direct access to their routers.
Recommended ITech News: Interstate Connecting Components (ICC) Introduces BHA PTFE-Plated M28876 Connectors from Amphenol Fiber Systems
This vulnerability is significant because the routers impacted are Small Offices/Home Offices (SOHO) devices. These devices aren’t frequently found inside enterprise networks, and thus security issues within them may be overlooked. However, with the increase in remote work due to COVID-19 precautions, many organizations now have a greater number of their employees connecting to internal networks through their own, personal SOHO devices. In these cases, SOHO device vulnerabilities provide a potential vector through which remote attackers can gain access to the data sent in and out of corporate networks.
The security research is done entirely by GRIMM’s internal PVD team. The GRIMM PVD team has decades of experience in the most sensitive environments. Because GRIMM has a strong commitment to partnership, the PVD program welcomes requests to look into specific software or hardware. GRIMM is able to offer this service to a limited, trusted clientele to ensure that the program is used appropriately while the team works with the vendors for patches.
Recommended ITech News: Hitachi Solutions Named A Leader in Everest Group’s First PEAK Matrix Assessment for Microsoft Dynamics 365 Services
