New Vulnerability in NETGEAR Nighthawk R7000 allows remote attackers to connect

Sunday, November 1, 2020, 8:27 GMT

The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64 10.2.64 devices allows remote attackers to connect with arbitrary TCP and UDP resources on the victim's intranet computer if the victim visits an attacker-controlled website using a modern browser, a technique known as NAT Slipstreaming. This happens because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data and the right intranet IP address in the corresponding Via header, even though this packet has a non-zero fragment offset.
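The decision described above, as an added illustrative sketch in C (not NETGEAR's code and not taken from the slipstream project): a lax ALG check that matches on content alone, beside a strict one that refuses to act on any IP fragment. The function names, the sample addresses, and the assumption that the caller passes in the bytes the ALG treats as TCP data are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IPv4 header bytes 6-7: 3 flag bits, then a 13-bit fragment offset. */
#define IP_MF      0x2000u
#define IP_OFFMASK 0x1FFFu

/* A packet is a fragment if its offset is non-zero or MF is set. */
static int ip_is_fragment(const uint8_t *ip_hdr) {
    uint16_t f = (uint16_t)((ip_hdr[6] << 8) | ip_hdr[7]);
    return (f & IP_OFFMASK) != 0 || (f & IP_MF) != 0;
}

/* Pattern from the advisory: data starts with REGISTER and the Via line
 * carries the client's intranet address. data must be NUL-terminated. */
static int looks_like_register(const char *data, size_t len, const char *lan_ip) {
    if (len < 8 || memcmp(data, "REGISTER", 8) != 0) return 0;
    const char *via = strstr(data, "\r\nVia:");
    if (!via) return 0;
    const char *eol = strstr(via + 2, "\r\n");
    const char *ip = strstr(via, lan_ip);
    return ip != NULL && (eol == NULL || ip < eol);
}

/* Lax: content match only, ignoring the IP header (the flawed behaviour). */
int alg_acts_lax(const uint8_t *ip_hdr, const char *data, size_t len, const char *lan_ip) {
    (void)ip_hdr;
    return looks_like_register(data, len, lan_ip);
}

/* Strict: never act on a fragment, because the first bytes of a fragment
 * are not guaranteed to be the start of a SIP message. */
int alg_acts_strict(const uint8_t *ip_hdr, const char *data, size_t len, const char *lan_ip) {
    if (ip_is_fragment(ip_hdr)) return 0;
    return looks_like_register(data, len, lan_ip);
}

/* Constructed sample input; only bytes 6-7 of each header matter here. */
const char SAMPLE_SIP[] = "REGISTER sip:example.invalid SIP/2.0\r\n"
                          "Via: SIP/2.0/TCP 192.168.0.10:5060\r\n\r\n";
const uint8_t HDR_WHOLE[20] = {0x45, 0, 0, 0, 0, 0, 0x40, 0x00, 64, 6}; /* DF, offset 0 */
const uint8_t HDR_FRAG[20]  = {0x45, 0, 0, 0, 0, 0, 0x00, 0x10, 64, 6}; /* offset 16 */

int main(void) {
    size_t n = sizeof SAMPLE_SIP - 1;
    printf("fragment: lax=%d strict=%d\n",
           alg_acts_lax(HDR_FRAG, SAMPLE_SIP, n, "192.168.0.10"),
           alg_acts_strict(HDR_FRAG, SAMPLE_SIP, n, "192.168.0.10"));
    return 0;
}
```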

Solution:

Upgrade your router firm

References:

github.com/samyk/slipstream

