{"id":41559,"date":"2021-06-30T17:00:19","date_gmt":"2021-06-30T17:00:19","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=93975"},"modified":"2021-06-30T17:00:19","modified_gmt":"2021-06-30T17:00:19","slug":"microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/","title":{"rendered":"Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise"},"content":{"rendered":"<p>The continuous improvement of security solutions has forced attackers to explore alternative ways to compromise systems. The <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/03\/30\/new-security-signals-study-shows-firmware-attacks-on-the-rise-heres-how-microsoft-is-working-to-help-eliminate-this-entire-class-of-threats\/\">rising number of firmware attacks<\/a> and <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/28\/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk\/\">ransomware attacks via VPN devices and other internet-facing systems<\/a> are examples of attacks initiated outside and below the operating system layer. As these types of attacks become more common, users must look to secure even the single-purpose software that runs their hardware\u2014like routers. 
We have recently discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network\u2019s security\u2014opening the gates for attackers to roam untethered through an entire organization.<\/p>\n<p>We discovered the vulnerabilities while researching device fingerprinting in the new <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-defender-for-endpoint\/endpoint-discovery-navigating-your-way-through-unmanaged-devices\/ba-p\/2248909\">device discovery<\/a> capabilities in Microsoft Defender for Endpoint. We noticed very odd behavior: a device owned by non-IT personnel was trying to access a NETGEAR DGN-2200v1 router\u2019s management port. The communication was flagged as anomalous by machine learning models, but the communication itself was TLS-encrypted and private to protect customer privacy, so we decided to focus on the router and investigate whether it exhibited security weaknesses that can be exploited in a possible attack scenario.<\/p>\n<p>In our research, we unpacked the router firmware and found three vulnerabilities that can be reliably exploited. We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (<a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/msvr\">MSVR<\/a>), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues while maintaining backward compatibility. The critical security issues (those with CVSS Score: 7.1 \u2013 9.4) have been fixed by NETGEAR. 
See NETGEAR\u2019s <a href=\"https:\/\/kb.netgear.com\/000062646\/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1\">Security Advisory for Multiple HTTPd Authentication Vulnerabilities on DGN2200v1<\/a>.<\/p>\n<p>We are sharing details from our research with the broader community to emphasize the importance of securing the full range of platforms and devices, including IoT, and how cross-domain visibility continues to help us uncover new and unknown threats to continually improve security.<\/p>\n<h2>Obtaining and unpacking the firmware<\/h2>\n<p>The firmware was available from the vendor\u2019s <a href=\"https:\/\/www.netgear.com\/support\/product\/DGN2200v1.aspx\">website<\/a>, making it easier for us to obtain a copy for examination. It is a simple .zip file containing release notes (.html) and the firmware image itself (.chk file). Running <a href=\"https:\/\/github.com\/ReFirmLabs\/binwalk\">binwalk<\/a> on the .chk file ended up extracting the filesystem (<a href=\"https:\/\/www.kernel.org\/doc\/html\/latest\/filesystems\/squashfs.html\">squash-fs<\/a>).<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93978 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure1-extracting-the-filesystem-from-firmware.png\" alt=\"Screenshot of command line showing extraction of filesystem from the firmware\" width=\"936\" height=\"453\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure1-extracting-the-filesystem-from-firmware.png 936w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure1-extracting-the-filesystem-from-firmware-300x145.png 300w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure1-extracting-the-filesystem-from-firmware-768x372.png 768w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\"><\/p>\n<p><em>Figure 1. 
Extracting the filesystem from the firmware<\/em><\/p>\n<p>The filesystem itself is a standard Linux root filesystem, with some minor additions. The relevant ones for our research are:<\/p>\n<ol>\n<li><em>\/www<\/em> \u2013 contains HTML pages and .gif pictures<\/li>\n<li><em>\/usr\/sbin<\/em> \u2013 contains various custom binaries by NETGEAR, including HTTPd, FTPC, and others<\/li>\n<\/ol>\n<p>Since we saw the anomalous communication use the standard port that HTTPd serves, we focused on HTTPd. The HTTPd itself is a stripped 32-bit big-endian MIPS ELF, compiled against uClibc (the standard libc for embedded devices). It seems the entire server-side logic (CGI) was compiled into the HTTPd.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93981 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure2-HTTPD-information-with-some-symbols.png\" alt=\"Screenshot of command line showing HTTPd information\" width=\"935\" height=\"651\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure2-HTTPD-information-with-some-symbols.png 935w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure2-HTTPD-information-with-some-symbols-300x209.png 300w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure2-HTTPD-information-with-some-symbols-768x535.png 768w\" sizes=\"auto, (max-width: 935px) 100vw, 935px\"><\/p>\n<p><em>Figure 2. HTTPd information with some symbols<\/em><\/p>\n<h2>Exploration<\/h2>\n<p>When exploring an embedded web service, the first few questions that come to mind are:<\/p>\n<ol>\n<li>Does the web service present some pages without authentication? 
If so, how are they governed?<\/li>\n<li>How does the web service perform authentication?<\/li>\n<li>Does the web service handle requests correctly (that is, with no memory corruption bugs)?<\/li>\n<li>Does the web service implement certain security measures, such as (anti-) cross-site request forgery tokens or Content Security Policy?<\/li>\n<\/ol>\n<p>To answer these questions, we performed a static analysis of the HTTPd binary, along with some dynamic analysis by running QEMU, an open-source emulator, and hooking the specialized invocations (for example, NVRAM getters and setters).<\/p>\n<h2>Vulnerabilities in DGN-2200v1 routers<\/h2>\n<h3>Accessing router management pages using authentication bypass<\/h3>\n<p>While examining how HTTPd dictates which pages should be served without authentication, we found the following pseudo code:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93984 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure3-Pseuedo-code-in-HTTPd.png\" alt=\"Screenshot of code showing pseudo code in HTTPd\" width=\"780\" height=\"321\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure3-Pseuedo-code-in-HTTPd.png 780w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure3-Pseuedo-code-in-HTTPd-300x123.png 300w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure3-Pseuedo-code-in-HTTPd-768x316.png 768w\" sizes=\"auto, (max-width: 780px) 100vw, 780px\"><\/p>\n<p><em>Figure 3. Pseudo code in HTTPd<\/em><\/p>\n<p>This code is the first page handling code inside HTTPd, and it automatically approved certain pages such as <em>form.css<\/em> or <em>func.js<\/em>. 
While there is no harm in approving those pages, one thing that stood out was the fact that NETGEAR decided to use <a href=\"https:\/\/www.cplusplus.com\/reference\/cstring\/strstr\/\">strstr<\/a> to check if a page has \u201c.jpg\u201d, \u201c.gif\u201d or \u201cess_\u201d substrings, trying to match the <em>entire<\/em> URL.<\/p>\n<p>We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like \u201c?.gif\u201d). For example: hxxps:\/\/10[.]0[.]138\/<strong>WAN_wan.htm<\/strong>?pic<strong>.gif<\/strong>. This is a complete and fully reliable authentication bypass.<\/p>\n<h3>Deriving saved router credentials via a cryptographic side-channel<\/h3>\n<p>At this stage, we already had complete control over the router, but we continued investigating how the authentication itself was implemented.<\/p>\n<p>If a page had to be authenticated, HTTPd would require <a href=\"https:\/\/en.wikipedia.org\/wiki\/Basic_access_authentication\">HTTP basic authentication<\/a>. The username and password would be encoded as a base64 string (delimited by a colon), sent in the HTTP header, and finally verified against the saved username and password in the router\u2019s memory. 
The router stores this information (along with the majority of its configuration) in NVRAM, that is, outside the filesystem that we had extracted.<\/p>\n<p>However, when we examined the authentication itself, we discovered a side-channel attack that can let an attacker get the right credentials:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93987 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure4-Authentication-process.png\" alt=\"Screenshot of code showing authentication process\" width=\"522\" height=\"404\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure4-Authentication-process.png 522w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure4-Authentication-process-300x232.png 300w\" sizes=\"auto, (max-width: 522px) 100vw, 522px\"><\/p>\n<p><em>Figure 4. Authentication process<\/em><\/p>\n<p>Note that the username and the password are compared using <a href=\"https:\/\/www.cplusplus.com\/reference\/cstring\/strcmp\/\">strcmp<\/a>. The libc implementation of strcmp works by comparing character-by-character until a NUL terminator is observed <em>or<\/em> until a mismatch happens.<\/p>\n<p>An attacker could take advantage of the latter by measuring the time it takes to get a failure. 
For example, when measuring the times of the first character, we get the following graph:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93990 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure5-.png\" alt=\"Column graph showing time of reply per character attempt\" width=\"870\" height=\"523\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure5-.png 870w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure5--300x180.png 300w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure5--768x462.png 768w\" sizes=\"auto, (max-width: 870px) 100vw, 870px\"><\/p>\n<p><em>Figure 5. Time of reply per character attempt<\/em><\/p>\n<p>This indicates that the first character is \u201cn\u201d. An attacker could repeat this process (\u201cna\u201d, \u201cnb\u201d, \u201cnc\u201d and so on) to get the second character, until the entire username and password is revealed.<\/p>\n<p>We recommended to NETGEAR that they can avoid such attacks by performing XOR-based memory comparison, as such:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93993 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure6-XOR-based-memory-comparison.png\" alt=\"Screenshot of code showing XOR-based memory comparison\" width=\"451\" height=\"238\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure6-XOR-based-memory-comparison.png 451w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure6-XOR-based-memory-comparison-300x158.png 300w\" sizes=\"auto, (max-width: 451px) 100vw, 451px\"><\/p>\n<p><em>Figure 6. XOR-based memory comparison<\/em><\/p>\n<p>This function continues even upon a byte mismatch. 
Similar approaches can be seen in cryptographically secure libraries, such as <a href=\"https:\/\/www.openssl.org\/docs\/manmaster\/man3\/CRYPTO_memcmp.html\">OpenSSL\u2019s CRYPTO_memcmp<\/a>.<\/p>\n<h3>Retrieving secrets stored in the device<\/h3>\n<p>After using the first authentication bypass vulnerability, we still wanted to see if we could recover the username and the password used by the router using other existing weaknesses. To that end, we decided to use the router\u2019s configuration backup\\restore feature. We can abuse the authentication bypass mentioned earlier to simply get the file: hxxp:\/\/router_addr:8080\/<strong>NETGEAR_DGN2200[.]cfg<\/strong>?pic[<strong>.]gif<\/strong>.<\/p>\n<p>The file itself has high entropy, which suggests it was either compressed or encrypted, so we couldn\u2019t read it directly. Additionally, binwalk did not produce any meaningful results:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93996 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure7-high-entropy-configuration-file.png\" alt=\"Screenshot of command line showing high-entropy configuration file\" width=\"935\" height=\"340\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure7-high-entropy-configuration-file.png 935w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure7-high-entropy-configuration-file-300x109.png 300w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure7-high-entropy-configuration-file-768x279.png 768w\" sizes=\"auto, (max-width: 935px) 100vw, 935px\"><\/p>\n<p><em>Figure 7. 
High-entropy configuration file<\/em><\/p>\n<p>Our suspicion was confirmed when we reverse-engineered the backup\\restore functionality:<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-93999 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure8-constant-passowrd-used-for-DES-encryption.png\" alt=\"Screenshot of code showing constant password used for DES encryption\" width=\"651\" height=\"407\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure8-constant-passowrd-used-for-DES-encryption.png 651w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure8-constant-passowrd-used-for-DES-encryption-300x188.png 300w\" sizes=\"auto, (max-width: 651px) 100vw, 651px\"><\/p>\n<p><em>Figure 8. Constant password used for DES encryption<\/em><\/p>\n<p>After some preparatory steps, the contents are DES-encrypted with a constant key \u201cNtgrBak\u201d. This allows an attacker to get the plaintext password (which is stored in the encrypted NVRAM) remotely. The user name, which can very well be variations of \u2018admin\u2019, can be retrieved the same way.<\/p>\n<h2>Enhancing router security through CVD and threat intelligence-sharing<\/h2>\n<p>As modern operating system security continues to advance, attackers are forced to look for alternative ways to compromise networks, and network devices such as routers are a prime candidate. This makes an endpoint discovery solution a critical asset to any security operations.<\/p>\n<p>The new <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/device-discovery?view=o365-worldwide\">endpoint and network device discovery capability<\/a> in Microsoft Defender for Endpoint locates unmanaged devices to ensure organizations have comprehensive visibility into their environment. 
This lets security operators detect anomalous network activity, in this case, the attacker\u2019s anomalous connection to the router\u2019s management port.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-94002 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure10-Device-discovery-Microsoft-365-Defender.png\" alt=\"Screenshot of Microsoft 365 Defender showing Device inventory\" width=\"1430\" height=\"849\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure10-Device-discovery-Microsoft-365-Defender.png 1430w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure10-Device-discovery-Microsoft-365-Defender-300x178.png 300w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure10-Device-discovery-Microsoft-365-Defender-1024x608.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure10-Device-discovery-Microsoft-365-Defender-768x456.png 768w, https:\/\/www.microsoft.com\/security\/blog\/uploads\/securityprod\/2021\/06\/Figure10-Device-discovery-Microsoft-365-Defender-440x260.png 440w\" sizes=\"auto, (max-width: 1430px) 100vw, 1430px\"><\/p>\n<p><em>Figure 9. Device inventory in Microsoft 365 Defender<\/em><\/p>\n<p>In addition, with <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/06\/02\/microsoft-acquires-refirm-labs-to-enhance-iot-security\/\">ReFirm Labs recently joining Microsoft<\/a>, we continue to enrich our firmware analysis and security capabilities across devices. 
ReFirm\u2019s firmware analysis technology will enhance existing capabilities to detect firmware vulnerabilities and help secure IoT and OT devices via Azure Defender for IoT.<\/p>\n<p>With this research, we have shown how a simple anomalous connection to a router, found through the endpoint discovery service, drove us to find several vulnerabilities on a popular router.<\/p>\n<p>Routers are integral to networking, so it is important to secure the programs supporting their functions. Collaboration between vulnerability researchers, software vendors and other players is crucial to helping secure the overall user experience. This includes disclosing vulnerabilities to vendors under the guiding principles of <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/cvd?rtc=1\">Coordinated Vulnerability Disclosure<\/a> (CVD). We would like to thank the NETGEAR security and engineering teams for their cooperation.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/security\/endpoint-defender\">Learn how Microsoft Defender for Endpoint delivers a complete endpoint security solution<\/a> that covers preventative protection, post-breach detection, automated investigation, and response.<\/p>\n<p><strong><em>Jonathan Bar Or<\/em><\/strong><\/p>\n<p><em>Microsoft 365 Defender Research Team<\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/06\/30\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We discovered vulnerabilities in NETGEAR DGN-2200v1 series routers that can compromise a network&#8217;s security\u2014opening the gates for attackers to roam untethered through an entire organization. 
We shared our findings with NETGEAR through coordinated vulnerability disclosure via Microsoft Security Vulnerability Research (MSVR), and worked closely with NETGEAR security and engineering teams to provide advice on mitigating these issues.<br \/>\nThe post Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise appeared first on Microsoft Security Blog.<\/p>\n","protected":false},"author":2,"featured_media":41560,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347,7221,19],"class_list":["post-41559","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity","tag-microsoft-security-intelligence","tag-vulnerabilities"]}
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/06\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise.png","datePublished":"2021-06-30T17:00:19+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/06\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/06\/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise.png","width":936,"height":453},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-finds-new
-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.threatshub.org\/blog\/tag\/cybersecurity\/"},{"@type":"ListItem","position":3,"name":"Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41559","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41559"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41559\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/41560"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41559"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41559"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}