an authentication vulnerability in his Netgear router. Instead of getting up out of bed to address a connection problem, he started fuzzing the web interface and discovered a serious issue. Kenin had hit upon unauth.cgi, code that was previously tied to two different exploits in 2014 for unauthenticated password disclosure flaws. The short version of the 2014 vulnerability is that an attacker can get unauth.cgi to issue a number that can be passed over to passwordrecovered.cgi in order to receive credentials. Kenin tested their exploits and was able to get his password.

The following day he started gathering other Netgear devices to test. While repeating the process, he made an error, but that didn't prevent him from obtaining credentials. That accidental discovery resulted in CVE-2017-5521.

"After few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is totally new bug that I haven’t seen anywhere else. When I tested both bugs on different NETGEAR models, I found that my second bug works on a much wider range of models," Kenin explained in a recent blog post.

There are at least ten thousand devices online that are vulnerable to the flaw that Kenin discovered, but he says the real number could reach the hundreds of thousands, or even millions.

"The vulnerability can be used by a remote attacker if remote administration is set to be Internet facing. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public Wi-Fi spaces like cafés and libraries using vulnerable equipment," Kenin wrote.

Kenin reached out to Netgear and reported the problems, but it was no easy task. The first advisory listed 18 devices that were vulnerable, followed by a second advisory detailing an additional 25 models. A few months later, in June 2016, Netgear finally published an advisory that offered a fix for a small subset of the vulnerable devices, and a workaround for others. Eventually, Netgear reported that they were going to fix all the unpatched models. They also teamed up with Bugcrowd to improve their vulnerability handling process. Netgear has a status page on the vulnerability; they also provide a workaround for those who can't update their firmware yet.

It wasn't until after the story ran that the PR firm representing Trustwave and pitching the research named Simon Kenin as the one who made the discovery. Netgear issued a statement, downplaying the discovery some, and reminding users that fixes are available for most of the impacted devices. The emailed comments are reprinted below:

NETGEAR is aware of the vulnerability (CVE-2017-5521), that has been recently publicized by Trustwave. We have been working with the security analysts to evaluate the vulnerability. NETGEAR has published a knowledge base article from our support page, which lists the affected routers and the available firmware fix. Firmware fixes are currently available for the majority of the affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for the model and visit the firmware release page for further instructions.
Cisco's Talos says they've observed active attacks against a zero-day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a number of active attacks.

In an advisory issued on Monday, Apache says the problem with Struts exists within the Jakarta Multipart parser. "It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user," the warning explained.

"If you are using Jakarta based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1. You can also switch to a different implementation of the Multipart parser."

The alternative is the Pell parser plugin, which uses Jason Pell's multipart parser instead of the Common-FileUpload library, Apache explains. In addition, administrators concerned about the issue could just apply the proper updates, which are currently available.

In a blog post, Cisco said they discovered a number of attacks that seem to be leveraging a publicly released proof-of-concept to run various commands. Such commands include simple ones ('whoami') as well as more sophisticated ones, including pulling down a malicious ELF executable and running it. An example of one attack, which attempts to copy the file to a harmless directory, ensure the executable runs, and that the firewall is disabled at boot-up, is below:

Both Cisco and Apache urge administrators to take action, either by patching or ensuring their systems are not vulnerable.

This isn't the first time the Struts platform has come under attack. In 2013, Chinese hackers were using an automated tool to exploit known vulnerabilities in order to install a backdoor.
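Because the Struts advisory ties the flaw to Content-Type values that are not valid, one way to triage request logs is to flag any Content-Type that fails the HTTP media-type grammar. This is an added example, not code from Apache or Cisco; the tab-separated log layout, the paths, the sample lines and the `MAX_LEN` limit are assumptions made for illustration.

```python
import re

# HTTP "token" characters, used for type, subtype and parameter names.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
QUOTED = r'"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"'
MEDIA_TYPE = re.compile(
    rf"^{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{TOKEN}=(?:{TOKEN}|{QUOTED}))*[ \t]*$"
)
MAX_LEN = 256  # assumption: legitimate Content-Type values are short


def content_type_is_valid(value):
    """True if value is a syntactically valid media type of sane length."""
    return len(value) <= MAX_LEN and MEDIA_TYPE.match(value) is not None


def parse_line(line):
    """Split a constructed log line: ip, method, path, content-type (tab-separated)."""
    ip, method, path, ctype = line.rstrip("\n").split("\t", 3)
    return {"ip": ip, "method": method, "path": path, "content_type": ctype}


def suspicious_requests(lines):
    """Return parsed requests whose Content-Type is present but not a valid media type."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        req = parse_line(line)
        ctype = req["content_type"]
        if ctype not in ("", "-") and not content_type_is_valid(ctype):
            hits.append(req)
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    "192.0.2.10\tPOST\t/upload.action\tmultipart/form-data; boundary=----abc123",
    "192.0.2.11\tPOST\t/api/items\tapplication/json; charset=utf-8",
    "198.51.100.7\tPOST\t/upload.action\t{constructed (not a media type)}.multipart/form-data",
    "192.0.2.12\tGET\t/index.action\t-",
    "198.51.100.8\tPOST\t/login.action\t" + "a/b;" + "x" * 400,
]

if __name__ == "__main__":
    for req in suspicious_requests(SAMPLE_LOG):
        print(req["ip"], req["method"], req["path"], req["content_type"][:60])
```

A hit only means the header is malformed; whether the host was affected still depends on the Struts version and parser in use, so the upgrade in the advisory remains the fix.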