Netgear router vulnerabilities could let attackers 'roam untethered through an entire organization'

Netgear Logo
Netgear Logo (Image credit: Netgear)

What you need to know

  • Microsoft discovered three vulnerabilities in Netgear routers that could lead to identity theft and full system compromise.
  • Netgear has already fixed the critical security issues.
  • The issues affect Netgear DGN-2200v1 routers.

Microsoft disclosed several vulnerabilities to Netgear routers that could allow attackers to "roam untethered through an entire organization," according to the Microsoft 365 Defender Research Team. A post from that team breaks down the vulnerabilities. The vulnerabilities were patched before they were disclosed publicly.

There are three bugs that affect Netgear DGN-2200v1 series routers that are running firmware lower than v1.0.0.60. Microsoft's staff noticed the bugs due to an "odd behavior:"

A device owned by a non-IT personnel was trying to access a NETGEAR DGN-2200v1 router's management port. The communication was flagged as anomalous by machine learning models, but the communication itself was TLS-encrypted and private to protect customer privacy, so we decided to focus on the router and investigate whether it exhibited security weaknesses that can be exploited in a possible attack scenario.

Microsoft explains that the first issue allows for a "complete and fully reliable authentication bypass." This is due to the issue allowing an attacker to access any page on the vulnerable device.

Latest Videos From

The second issue allows for a side-channel attack that can be used to get authentication credentials.

The final issue allows attackers to gain access to secrets stored in the device. "After some preparatory steps, the contents are DES-encrypted with a constant key "NtgrBak," explains Microsoft. "This allows an attacker to get the plaintext password (which is stored in the encrypted NVRAM) remotely. The user name, which can very well be variations of 'admin', can be retrieved the same way."

The critical issues have been fixed by Netgear already. The company outlines the fixes in more detail in a recent post.

Sean Endicott
News Writer

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.

He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.

Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.