NETGEAR recently issued a security advisory about a Transport Layer Security (TLS) certificate private key disclosure vulnerability on several of its routers. And this is apparently not the first time the company left TLS certificates and private keys exposed in their wireless router firmware.
The certificates and their private keys were embedded into the software, which was available to download for free on a public website where anyone could find it, and with a little skill read the private key. The keys could be used to intercept and tamper with secure connections (man-in-the-middle attacks) and essentially, any of the compromised routers can be hijacked.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
