AMP AMP

Netgear router vulnerability issue and bugs in Linux app: IT leaders need to be aware.

netgear

Debian an Linux distro developers were recommended that Cryptkeeper will be removed from the operating system after a critical bug which is a single character decryption password. The app’ s developer appears to have abandoned the project, reports The Register. A Debian developer, Simon McVitte, said in an email about the issue that a false sense of security that is worse than not encrypting at all at currently.

Threatpost reports that potentially more than one million Netgear routers contain a pair of vulnerabilities that could allow an attacker to retrieve management passwords for the devices. Netgear has released updates for 20 models, and has provided a workaround for an additional dozen that will not get updates.

VMware has issued to correct two vulnerabilities which is updates to its AirWatch Inbox and Agent for Android. AirWatch Agent for Android contains a vulnerability that during enrollment it may allow a device to bypass root detection, and AirWatch Inbox for Android’ s vulnerability will decrypt the local data used by the application which is allowed by a rooted device. Those updates are available in the Google Play store.

Tag : Linux app
FAQ
Q
in which website To report a security vulnerability?
A
report a security vulnerability by following link
https://bugcrowd.com/netgear
Q
where to refer all issues of netgear?
A
use the following link to refer all issues of netgear

http://www.netgear.com/about/security/.
Q
Where do I find NETGEAR genie App?
A
You can download NETGEAR genie App here
http://www.netgear.com/home/discover/apps/genie.aspx
Q
How can someone launch this attack?
A
The attack can only be launched once the attacker gets on the network by either connecting wirelessly to the network, with a Ethernet connection to the router, or remotely from the Internet if the remote management feature is turned on. By default remote management is turned off.
Q
What is the vulnerability and what does it mean to my router?
A
It was discovered that the security mechanism to authenticate the administrator to the router can be bypassed with a script that repeatedly calls a specific URL. The attacker can subsequently gain access to the router settings page.