Netgear RP114, RP614 vulnerability

[Ohana]

Anyone know about the following issues with the Netgear RP114 or Netgear RP614 routers?

1) The DHCP service that assigns IP addresses on the
LAN interfaces is also distributing IP addresses on
the WAN interfaces. This was noticed on the RP614 device.

This causes a problem since multiple DHCP servers are now responding on the WAN interface network. The Netgear device is an unwanted DHCP server.

2) With a workstation connected to the WAN network
side of the DSL router, access to the web admin
service (DSL router web admin) is accessible via the
LAN interfaces default gateway. If the default username and password is configured, access is very easy. If changed, this is a weak protection that is usually not monitored.

3) The netgear dsl router also acts as an anonymous
proxy. The users connected to the WAN interfce network can direct Internet traffic through the DSL routers WAN interface. The DSL router does NAT and hides the IP address of the users private IP address. As wells as the user does not need to use
their public IP address.

[Ohana]

The WAN interface on the Netgear routers are static.

If testing with a single computer, you may need to clear the arp table since the gateway might be mapped to the LAN interface's MAC instead of the WAN interfaces MAC.

If you have the RP114, when connecting to the network on the WAN interface, you may need to use static IP on the laptop.

Thanks....

[MrLinus]

I have both routers. I know about the WAN usage and private addressing "feature" on the RP 114 but apparently on the 614 this was fixed. I haven't personally tested it to verify it however. Reality is that it would require physical access to the router and if someone got that, then I have more serious issues to deal with (particularly given the way they are chained).

The DHCP I didn't know about but I do see somewhat of a reason for it: when you chain the routers together, they will need an address. Since these are SOHO or Home use routers, that would make some sense.

The WAN interface on the Netgear routers are static.

Unless I'm misunderstanding, this isn't true. Both of mine are set to DHCP clients. You may want to look at telnetting to the routers as you get more options. Have you ensured you have appropriate upgrades on the firmware?

BTW, which one is the DSL router? I thought both were simply SOHO routers rather than specific for a broadband.


I know Netgear was told of the Private Address access on the WAN and didn't consider it an issue. Do you know if the others have been sent to Netgear?

[Ohana]

Hi MsMittens...
Thanks for the followup.

To answer somw of yoou questions:

BTW, which one is the DSL router? I thought both were simply SOHO routers rather than specific for a broadband.

Your correct, bth are SOHO routers, my bad...

Unless I'm misunderstanding, this isn't true. Both of mine are set to DHCP clients. You may want to look at telnetting to the routers as you get more options. Have you ensured you have appropriate upgrades on the firmware?

Default is to use DHCP to receive an IP address on the WAN interface. In my work environment, I have to use static IPs on the company network. Users that use SOHO routers must configure their WAN interface with an assigned static IP address. When set with a static IP, these issues occur.

The DHCP I didn't know about but I do see somewhat of a reason for it: when you chain the routers together, they will need an address. Since these are SOHO or Home use routers, that would make some sense.

To function as a DHCP server on the LAN interfaces makes sense. However, to be a DHCP serever on the WAN interface doesn't. Especially if the DHCP service on the WAN interface issues IP addresses reserved for the SOHO's LAN interfaces. Basically the SOHO is assigning the same block of IP addresses on both the WAN and LAN interfaces.




I have not tried this, however, if I was to connect a PC directly to a Cable/DSL network and static assign my PC with 192.168.0.x, would I be able to web admin someone else's netgear router? Would I be able to use it as an anonmymous proxy?

Just wondering, right now this is what's happening in the SOHO environment. After getting a MAC addresses on the network, I forced the arp table to different Netgear MAC and was able to access their web admin client. If they changed their passwords, I didn't try cracking it, but I don't think that would be too difficult after reading some of the things on AntiOnline.

As for versions: my RP114 are using the latest firmwares.

For the RP614s, these are some other users on the network. When I try to web admin the device, the login window states RP614v2.

I tried asking Netgear about this issue, but they just asked me to pay and call customer service. I thought I'd ask the community for better advice.

Thanks