Qualys security researcher Mandar Jadhav has discovered two serious vulnerabilities in Netgear D6000 and D3600 modem routers, which can be exploited to gain access to the devices and to intercept traffic passing through them.
The vulnerabilities reside in the devices’ firmware, versions 1.0.0.47 and 1.0.0.49.
The first one (CVE-2015-8288) is due to the firmware containing a hard-coded RSA private key and a hard-coded X.509 certificate and key. An attacker that discovers this information can misuse it to gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets.
Original Source: Help Net Security
View the full story here.
The post Netgear removes crypto keys hard-coded in routers appeared first on IT SECURITY GURU.
