The NETGEAR N750 (WNDR4300) SOHO WiFi router/gateway is a popular choice for 802.11a/b/g/n WiFi, but has some glaring security vulnerabilities that can allow anyone on the network (LAN-side including wireless) administrative (unauthenticated) access to the router or access to otherwise private data (keys to the WLAN from the guest network for example).
The firmware for this router is based on OpenWrt, with much of the custom source published publicly by NETGEAR.
A brief synopsis of some of the known vulnerabilities are:
- Anyone on the LAN or the non-guest WLAN can enable an unauthenticated telnet interface with full access to the router.
- Anyone on the LAN or the non-guest WLAN, or if remote administration is enabled also the WAN, can gain unauthenticated access to the administrative web interface.
- Anyone on the LAN or the non-guest WLAN, or if remote administration is enabled also the WAN, can disable authentication to the administrative web interface without being authenticated.
I’ll explain how I fixed some of these security vulnerabilities (without having to use one of the many custom firmwares such as dd-wrt) below.