+39 02 8718 8553 sales@tanaza.com

 

Thanks to FIRMADYNE, an open-source framework that runs security tests on embedded firmware, researchers have found new and existing vulnerabilities in Netgear and D-Link wireless hardware.

Thanks to FIRMADYNE, an open-source framework that runs security tests on embedded firmware, researchers have found new and existing vulnerabilities in Netgear and D-Link wireless hardware. - Netgear WN604Netgear WN604

FIRMADYNE is an open-source framework created by Boston University students as part of a research project designed to detect vulnerabilities by performing a security analysis of Linux-based embedded devices. Using this framework, researchers were able to perform security tests on 42 embedded device manufacturers and they analyzed approximately 23,000 firmware images. This resulted in the discovery of a total 887 images, of the 9,486 extracted, with vulnerabilities to at least one of the 74 known exploits. Additionally, researchers also found 14 formerly undetected vulnerabilities in 69 firmware images used by 12 products.

In an email sent By Dominic Chen to Full Disclosure on the D-Link and Netgear Router Vulnerabilities, Chen brought to light some of the vulnerabilities detected on the Web management interface of the Netgear and DLink routers. On the Netgear devices, the discovered flaws included pages that could be accessed without authentication (and could consequently allow direct imput to the command-line), as well as unauthenticated web pages which exposed the WPS (Wi-Fi protected Setup) PIN. Furthermore, the flaws detected on the DLink devices enabled remote code execution as a result of the buffer overflow vulnerability of the web server, as well as exposure of passwords and administrative credentials over the SNMP (Simple Network Management Protocol).

The vulnerabilities reported by FIRMADYNE affected the following 6 Netgear devices (Netgear WN604, Netgear WN802Tv2, Netgear WNAP210, Netgear WNAP320, Netgear WNDAP350, Netgear WNDAP360) and 7 D-Link devices (D-Link DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2660, DAP-2690, DAP-2695).

 

 

Which Wi-Fi devices can be Tanaza Powered? CHECK THE LIST OF SUPPORTED MODELS

 

 

 

Related Links:

Vulnerability of Netgear firmware used in multiple routers

D Link’s security oversight of private keys on open-source firmware

News from the industry – Netgear Vs Ruckus

DAP-3310 by D Link: outdoor access point and coverage extender