Netgear's routerlogin.com HTTPS cert snafu now has a live proof of concept

And the company reaction is: not even 'meh'


An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January.


Using service workers (scripts that browsers run as background processes), Rashid Saleem reckons he can exploit Netgear routers to compromise admin panel credentials.


There's just one catch: for Saleem's method to work, the target has to try to log into their home router after connecting to a compromised Wi-Fi point and downloading malware.


By loading a malicious service worker for the domain routerlogin.com – the default admin panel address for Netgear consumer routers – Saleem said it is possible for a bad actor to capture and read the login credentials by executing a classic man-in-the-middle attack.


As w ..
