From PC World: Several wireless routers made by Netgear contain a vulnerability that allows unauthenticated attackers to extract sensitive information from the devices, including their administrator passwords and wireless network keys.
The vulnerability can be exploited over local area networks, as well as over the Internet if the devices are configured for remote administration and expose their Web interface externally.
Details about the vulnerability were published on the Full Disclosure mailing list last week, along with a proof-of-concept exploit. Peter Adkins, the researcher who found the flaw, claims that he contacted Netgear but that his attempts to explain the nature of the issue to the company’s technical support department failed.
The vulnerability is located in a service designed to interact with Netgear Genie, an application that allows users to monitor and control their routers from their smartphones or PCs.
View: Article @ Source Site
