Link: https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
Grimm is back at it again, bullying some poor helpless SOHO routers.
It’s 2020:
- Someone should have found this long ago.
- Stack-based buffer overflows should not be exploitable. But it gets worse: Netgear actually had stack cookies implemented for two models, and then removed them in a later firmware update! On top of all that, the vulnerability can be triggered before the CSRF token is checked, so the exploit can be delivered by pivoting through a user's browser.
- The webserver runs as root.
Putting it all together, the victim gets served an attacker-supplied ad while browsing the web, and then BOOM, the attacker has rooted their router (assuming the attacker knows or can guess the model/version router the victim is using).
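A minimal illustration of the two fixes the post calls for, written here as an added example (not code from the Grimm post or from any Netgear firmware): the CSRF token is validated before any form field is parsed, and the copy into the stack buffer is bounded and rejects oversize input rather than truncating it. `handle_post`, `run_case`, the field size limit and the session token value are assumptions made for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define CSRF_TOKEN_LEN 32
#define FIELD_MAX 64

/* Constructed session token for the demo (a real server issues one per session). */
static const char SESSION_TOKEN[CSRF_TOKEN_LEN + 1] = "0123456789abcdef0123456789abcdef";

/* Hypothetical parsed request: both fields arrive from the network. */
struct request {
    const char *csrf_token;
    const char *form_field;
};

/* Fixed-length, constant-time token comparison. */
static bool token_valid(const char *supplied, const char *expected) {
    if (supplied == NULL || strlen(supplied) != CSRF_TOKEN_LEN) return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < CSRF_TOKEN_LEN; i++)
        diff |= (unsigned char)(supplied[i] ^ expected[i]);
    return diff == 0;
}

/* Hardened handler: the CSRF check runs before any field is touched, and the
 * copy into the caller's stack buffer is bounded; oversize input is rejected. */
int handle_post(const struct request *req, char *out, size_t out_len) {
    if (!token_valid(req->csrf_token, SESSION_TOKEN)) return -1;  /* unauthorised: stop here */
    size_t n = 0;                                                  /* bounded length scan */
    while (n <= FIELD_MAX && req->form_field[n] != '\0') n++;
    if (n > FIELD_MAX || n >= out_len) return -2;                  /* oversized: reject, not truncate */
    memcpy(out, req->form_field, n);
    out[n] = '\0';
    return 0;
}

/* Demo helper: submits a field of `field_len` 'A's with the given token and
 * returns the handler's result code (0 ok, -1 bad token, -2 field too long). */
int run_case(const char *token, size_t field_len) {
    char field[512];
    char out[FIELD_MAX + 1];
    if (field_len >= sizeof field) field_len = sizeof field - 1;
    memset(field, 'A', field_len);
    field[field_len] = '\0';
    struct request req = { token, field };
    return handle_post(&req, out, sizeof out);
}
```

Building the real server with `-fstack-protector-strong` restores the stack-cookie layer the post says Netgear dropped, as defence in depth behind the bounds check.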