Skip to content

Instantly share code, notes, and snippets.

@nstarke
Last active April 30, 2024 06:02
Show Gist options
  • Save nstarke/a611a19aab433555e91c656fe1f030a9 to your computer and use it in GitHub Desktop.
Save nstarke/a611a19aab433555e91c656fe1f030a9 to your computer and use it in GitHub Desktop.
Netgear TLS Private Key Disclosure through Device Firmware Images

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

routerlogin.net

Both keys found were contained in the R9000-V1.0.5.8 firmware image file available here: http://www.downloads.netgear.com/files/GDC/R9000/R9000-V1.0.5.8.zip

This is the output from reading the certificate file in openssl:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c1:a1:00:64:07:61:2c:07:00:00:00:00:50:f1:09:6a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
        Validity
            Not Before: May  1 00:23:51 2019 GMT
            Not After : Jul 30 00:53:50 2021 GMT
        Subject: C = US, ST = California, L = San Jose, O = "Netgear, Inc", CN = www.routerlogin.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6d:0a:79:c9:ca:64:cd:ea:f0:ac:f4:bf:f6:
                    37:2b:1b:5a:f9:2c:10:52:d6:ee:4e:21:d3:00:2b:
                    18:fd:08:a0:6b:92:26:86:40:26:ef:f3:b7:dc:4d:
                    63:b8:04:0e:a0:78:bc:87:4e:50:d6:2d:3c:d4:f1:
                    ed:b8:10:9c:bf:e7:eb:59:a9:19:4d:f7:dc:73:9d:
                    b0:13:0a:29:41:4e:47:25:25:11:18:64:83:67:bd:
                    77:6d:22:b3:1f:df:db:29:09:20:d9:a1:3f:67:95:
                    83:ce:7e:02:c8:6f:46:46:f5:60:1b:75:30:8a:dc:
                    c4:a0:e6:e3:97:e0:f5:d7:ce:15:21:2d:26:c2:ef:
                    66:a6:79:bf:ac:28:af:e2:d4:7f:6e:8d:31:a5:07:
                    fa:c6:e2:91:cc:b0:cf:c8:27:4c:f1:8d:d8:14:8b:
                    ca:d5:c7:2b:10:72:12:66:63:46:02:1b:f2:ab:8a:
                    a2:1c:18:39:1f:4c:ed:a9:ca:ed:e7:05:96:a6:6a:
                    a0:ab:76:bd:68:c6:ee:43:4d:e4:51:ce:79:a3:0b:
                    81:7c:ea:67:87:75:03:25:ee:5f:f9:67:d7:12:a8:
                    76:c5:a3:37:35:5f:d1:61:26:ab:9a:f3:b3:7d:4d:
                    d1:24:73:ed:d7:74:3e:e8:b9:d5:4e:d7:9f:b5:f2:
                    46:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:www.routerlogin.net, DNS:routerlogin.net, DNS:www.routerlogin.com, DNS:routerlogin.com
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
                                C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
                    Timestamp : May  1 00:53:53.294 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:0B:F3:9B:CB:60:8F:CE:00:51:E5:BE:2A:
                                61:21:2D:F6:4A:4F:AE:A8:B6:86:6D:D4:3F:30:1B:93:
                                42:C5:F5:B0:02:20:24:62:CD:72:37:EF:B9:D9:25:DF:
                                28:BC:56:E3:79:B2:21:14:58:2B:4B:05:78:D2:69:66:
                                8E:89:1A:65:32:4C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
                                8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
                    Timestamp : May  1 00:53:53.333 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:16:80:A7:86:0B:EA:DD:3F:0A:6B:5D:10:
                                1E:C3:E2:8A:92:F7:6F:28:85:9D:64:FA:CF:24:F8:02:
                                C5:A5:15:0C:02:20:34:D0:90:D7:4C:6D:14:56:49:5C:
                                DC:A6:B1:18:BC:29:32:F0:37:0A:B7:A9:5F:43:37:DC:
                                B2:F2:A4:FA:FA:AA
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 56:14:06:9A:2F:D7:C2:EC:D3:F5:E1:BD:44:B2:3E:C7:
                                46:76:B9:BC:99:11:5C:C0:EF:94:98:55:D6:89:D0:DD
                    Timestamp : May  1 00:53:53.346 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:86:C3:D7:ED:C6:80:41:33:FC:6F:8F:
                                36:00:67:BB:58:F4:52:85:D7:1F:EF:46:E5:E1:1C:1F:
                                55:40:75:EC:DB:02:20:4B:2A:41:34:4D:5E:FD:FA:87:
                                C5:E8:A1:26:9C:EF:DE:BA:09:7A:24:6D:8E:2A:46:6F:
                                12:EB:4B:DE:A4:5E:62
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
                                E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
                    Timestamp : May  1 00:53:53.335 2019 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:E9:65:92:90:57:A3:FC:D6:5C:B1:32:
                                1B:F9:AF:78:85:91:F8:72:43:95:98:38:33:E6:75:A4:
                                FC:AA:29:BF:15:02:20:79:8A:8A:8F:44:F2:72:E5:05:
                                5F:7D:5E:FA:95:41:03:AA:BE:BF:95:44:5C:12:A5:C8:
                                6D:EE:31:E3:D6:E3:1F
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.entrust.net/level1k.crl

            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.114028.10.1.5
                  CPS: http://www.entrust.net/rpa
                Policy: 2.23.140.1.2.2

            Authority Information Access: 
                OCSP - URI:http://ocsp.entrust.net
                CA Issuers - URI:http://aia.entrust.net/l1k-chain256.cer

            X509v3 Authority Key Identifier: 
                keyid:82:A2:70:74:DD:BC:53:3F:CF:7B:D4:F7:CD:7F:A7:60:C6:0A:4C:BF

            X509v3 Subject Key Identifier: 
                5D:17:F2:BC:F7:B8:2D:0B:B8:4C:E8:EA:A2:79:E9:10:65:29:62:9D
            X509v3 Basic Constraints: 
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         21:36:ac:a8:3a:e8:47:17:90:dd:d8:5c:e0:27:78:f1:d6:f9:
         b8:94:29:64:76:8f:79:4c:51:7b:c6:2c:e7:78:4f:6c:c3:3c:
         18:55:3e:48:ba:0d:65:2f:5c:0c:7a:8c:8b:cd:7e:d9:fc:e3:
         89:54:07:41:2c:e9:f6:7f:bc:eb:22:e0:45:20:5c:5b:1d:87:
         9c:19:38:76:fd:65:67:57:43:8e:eb:5d:1d:4e:81:bd:7e:53:
         0a:7b:85:aa:13:ba:7e:bc:eb:87:2d:51:44:3e:5b:54:71:82:
         b0:a4:69:4a:7d:f9:ea:df:51:f2:f8:53:a8:5c:6e:34:71:8c:
         1d:d5:16:57:cc:80:37:4d:2c:8d:5c:79:2d:4e:22:d0:ef:42:
         ea:f9:21:4f:e9:b2:95:1a:4d:cc:0c:e2:87:2c:a4:1a:ed:a0:
         55:0f:52:0c:24:b3:dc:1e:fd:f8:cf:df:91:3c:98:a7:8f:9f:
         e6:da:92:f7:13:d4:91:c2:cb:0a:40:12:fa:a0:db:57:4c:30:
         ae:65:47:5a:25:a5:40:7c:98:1e:2d:51:40:82:cc:5d:5c:34:
         d1:01:8d:e3:29:55:b1:f5:59:59:7c:55:72:e2:59:99:87:64:
         3d:2b:9f:56:e9:53:13:73:af:ab:4c:e1:d8:26:be:73:7c:78:
         d7:0a:12:42

According to the above output, this certificate, which is signed by EnTrust, is valid for the following DNS host names:

The corresponding private key for this certificate is:

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJbQp5ycpkzerw
rPS/9jcrG1r5LBBS1u5OIdMAKxj9CKBrkiaGQCbv87fcTWO4BA6geLyHTlDWLTzU
8e24EJy/5+tZqRlN99xznbATCilBTkclJREYZINnvXdtIrMf39spCSDZoT9nlYPO
fgLIb0ZG9WAbdTCK3MSg5uOX4PXXzhUhLSbC72ameb+sKK/i1H9ujTGlB/rG4pHM
sM/IJ0zxjdgUi8rVxysQchJmY0YCG/KriqIcGDkfTO2pyu3nBZamaqCrdr1oxu5D
TeRRznmjC4F86meHdQMl7l/5Z9cSqHbFozc1X9FhJqua87N9TdEkc+3XdD7oudVO
15+18kbFAgMBAAECggEAXO3t01qCAhfuuLNTB+10bnLkeekWbuGyeGGqk31Ovg7o
1DhNhcq7LCFpRj5+LzvP88FAWbyMFwQv+J7VagJgDznUnz0g65PbJYwu29noRrTy
pfR/+p0E8yu6maNUuPPyjPAlM8LtGcElWnNQnWCZL8utV32ts6M/JGzhvASR58ne
5M6fB3RPgfoe50zaBu7lQ5YhlNpj8J0P1eg0gl/535nx2FqejqqkBu10xfo3T3dA
KdJIuNA3rU9BHjzYl/+8SKZ9wYekuf79CM+zSrVe2iJ7gZP2V3XhUdtKgL8ZgNHG
TNW4LOIOvG7/4XH+GkacspjC5ZA/OOlx/yqXzkE/UQKBgQDoyRhy5jBF0TNPrR1A
smQK+t1eEI27LbM7cFnldlbGa/gP+3U8zPMBGru7fdED9dVzJ+2p6lzHkDAP3KcT
ftOIeABWtGWZ724whxDu996BeXI0lnWjY8dEUT3aod9lpC/PUiCV+MmUSTPBFXMl
bF5ZA+dpbmp7IBP/7FIdRveuPwKBgQDdg1mW2sm0GdeEETu3oeK4Xi+7X63jhc33
VsBJ5285RmQWLPbMAANirHIQ+mTU4XIn24LNfugteT5ocJlY7TjTje4ldNY5k0Ha
9tJYMD3ZnmT++NEFM919vaelCoGMj0K2KUYZ4ef/IT9iisUA+Wz9HL5So99J/RFw
Hhr5D+fR+wKBgQCVAGsq2Jabid27KUbpK4aH1K2vUQ83eXgZGsAf9VBz75Y3vK/9
O/5rfY4e49jPHSMEc9FXipDamDt7W7SB8RM7bfxhg1TpZG12mG3JWFVPMMpeSNSB
whNBcnMSJ7zT1XVY0evTswxsYzLCa5VppeT6O1p7jNaReyXyEXU6EjvlhwKBgQCW
rBuqUxPUH6fKu3YlSEZRJi/Ngh1jn8YjsayGGJg9GzZFJzyQMooa+jV0ev1PGDJw
Dg4A/YusMsZSgBSuul1m+Sm97KUy8IlhCXa2acoIVodYL6LtqQPF3dVEm8rW8zNr
eNOoE1Oc5N6ahs3OBdsup/iFedYOG8davf+W3kzPNQKBgQCVJ1ehlnFwT8bFs+PU
hgrLHrvh6XHqcdJ1NOR52Su5Ge0ZdaAFtisSoJm2bVpbfyFJbfjMRg1FdhZr71Kb
LLG0IuutcnTua/FicLhUjFT5qrfs9he8trAhMgjT4t4HCH0H19JoaEOUUU8FMPLi
QZbodRspSr2dBf316Kh1N8C8Yg==
-----END PRIVATE KEY-----

These files were found respectively at /etc/uhttpd.crt and /etc/uphttpd.key in the aforementioned firmware image.

mini-app.funjsq.com

In the same firmware image was an additional valid TLS Certificate and its corresponding private key.

The files were found at the paths /data/funjsq/config/httpd/cert.pem and /data/funjsq/config/httpd/key.pem.

The openssl output for this certificate is:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bf:c0:c9:fd:2e:8c:92:ec:4e:bf:10:d8:c1:28:3d:0b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
        Validity
            Not Before: Jul 26 00:00:00 2018 GMT
            Not After : Jul 25 23:59:59 2020 GMT
        Subject: OU = Domain Control Validated, OU = PositiveSSL, CN = mini-app.funjsq.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:57:d5:45:ad:bd:60:c8:af:6f:50:97:ef:df:
                    67:b0:1d:69:1d:a3:75:e9:ba:08:8d:4c:54:2e:b6:
                    83:1c:2e:e1:1f:66:0c:fb:7a:d0:9a:ce:52:a4:3f:
                    75:70:f4:39:73:f3:f5:86:2e:96:59:e6:a5:54:62:
                    17:52:15:ad:6f:22:bd:7d:84:36:14:7a:3b:1c:60:
                    61:7a:7d:86:d8:e2:99:49:d4:06:e9:7a:00:f2:43:
                    f9:11:87:06:c8:20:0e:fc:15:51:bb:13:9d:ed:27:
                    39:df:cd:ec:46:6f:ed:a7:56:4f:71:a3:46:d7:25:
                    f2:5a:38:a9:23:a1:89:0e:6e:f1:3d:6b:04:05:0e:
                    8b:32:bc:f1:1c:0e:f8:6c:95:e2:cd:6c:38:1a:e6:
                    a6:3f:3b:22:41:f7:23:45:36:82:58:3c:a5:89:aa:
                    6e:16:e0:32:c2:38:a8:42:ba:de:ae:b4:03:f3:0b:
                    a4:9e:6b:a6:31:68:14:da:20:93:aa:a7:a7:49:f4:
                    6d:3e:c8:39:72:e1:62:35:cc:67:3f:08:2e:ae:8b:
                    ac:fc:14:3b:9d:b8:c7:5b:9b:db:08:3a:2b:98:aa:
                    0e:3e:92:5c:e7:e6:db:13:bb:47:e0:3b:3d:60:e5:
                    f3:22:e8:8f:01:04:cf:e3:c3:fc:7e:e2:6c:23:2c:
                    48:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7

            X509v3 Subject Key Identifier: 
                27:B5:A2:32:E3:84:92:C6:D3:38:A3:83:6A:61:B2:C0:E7:43:53:1D
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://secure.comodo.com/CPS
                Policy: 2.23.140.1.2.1

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name: 
                DNS:mini-app.funjsq.com, DNS:www.mini-app.funjsq.com
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:4B:BD:B7:75:CE:60:BA:E1:42:69:1F:AB:E1:9E:66:
                                A3:0F:7E:5F:B0:72:D8:83:00:C4:7B:89:7A:A8:FD:CB
                    Timestamp : Jul 26 14:44:17.854 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:94:5A:FE:A8:70:93:59:E5:0A:F1:B5:
                                29:FE:2E:0D:91:34:D5:A8:A9:1D:C1:63:77:16:F3:75:
                                67:16:6C:25:33:02:21:00:93:66:BA:D6:27:57:D8:59:
                                A5:C7:73:87:23:AB:F9:84:D9:DD:BA:50:A7:FC:5E:8E:
                                40:74:A0:DD:9C:BA:CF:BD
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 5E:A7:73:F9:DF:56:C0:E7:B5:36:48:7D:D0:49:E0:32:
                                7A:91:9A:0C:84:A1:12:12:84:18:75:96:81:71:45:58
                    Timestamp : Jul 26 14:44:18.391 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:F1:07:91:63:03:B7:51:60:5F:ED:FD:
                                72:43:E7:8F:98:34:A8:9E:85:CF:C1:33:AB:AF:7C:C1:
                                B3:16:75:A8:79:02:20:30:F7:DB:8E:C7:D3:9F:86:42:
                                80:B7:C6:6B:0D:D5:14:85:99:BC:3F:99:79:D3:43:24:
                                3C:17:4F:2E:BE:A6:6A
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 55:81:D4:C2:16:90:36:01:4A:EA:0B:9B:57:3C:53:F0:
                                C0:E4:38:78:70:25:08:17:2F:A3:AA:1D:07:13:D3:0C
                    Timestamp : Jul 26 14:44:17.893 2018 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:F8:DF:94:32:61:C5:71:5F:D5:84:87:
                                15:58:57:B8:9E:9F:81:88:A5:3A:4E:C1:8A:6E:73:38:
                                19:FD:33:9B:D4:02:20:73:80:2E:EE:4F:1D:F0:08:9A:
                                1D:85:FB:51:D8:66:7A:96:2F:C0:12:4E:EF:AD:2E:1D:
                                6E:B7:FC:3D:7D:DB:B8
    Signature Algorithm: sha256WithRSAEncryption
         61:da:c4:80:ee:eb:f7:67:95:31:b8:55:7f:27:64:30:68:9f:
         5e:2d:5c:40:cc:a7:12:f9:74:a6:e8:b1:d2:10:b7:c8:99:80:
         05:25:56:d1:51:59:5d:54:d9:a5:bd:c5:d4:ac:da:16:73:d9:
         8d:97:cc:f5:64:85:3d:1f:02:c4:37:b5:7b:9a:06:fb:a0:bf:
         d4:27:11:c0:98:f0:28:aa:84:bc:3b:bf:67:18:cc:3d:13:46:
         4d:18:9b:ca:62:09:52:2d:df:df:b2:4b:ac:fb:b2:7d:58:16:
         39:87:20:d6:c9:82:cf:e5:2a:9d:e9:6d:7f:6f:56:6d:b7:a4:
         be:54:c4:ed:4a:73:74:10:b4:a2:94:e9:10:4a:69:9d:60:0d:
         ec:45:4c:e4:12:d9:ab:ce:28:fc:da:4e:e7:d6:90:3e:87:2b:
         2d:24:de:79:84:10:95:c7:be:4a:9f:c7:b2:64:0e:b3:0d:3e:
         15:7c:32:c4:84:3a:d7:b5:67:96:0e:cc:3c:5e:e3:a0:cb:31:
         d0:81:85:af:1e:bc:a6:fd:84:ec:76:e9:31:95:6a:dc:de:49:
         59:24:14:66:a7:69:6b:f0:4d:14:1f:e2:31:f9:42:1d:d8:76:
         9f:08:0a:2b:5c:53:8f:86:60:5a:65:ce:6a:dc:56:ef:b7:30:
         69:f3:37:ec
-----BEGIN CERTIFICATE-----
MIIG4TCCBcmgAwIBAgIRAL/Ayf0ujJLsTr8Q2MEoPQswDQYJKoZIhvcNAQELBQAw
gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
Q0EwHhcNMTgwNzI2MDAwMDAwWhcNMjAwNzI1MjM1OTU5WjBXMSEwHwYDVQQLExhE
b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRww
GgYDVQQDExNtaW5pLWFwcC5mdW5qc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzFfVRa29YMivb1CX799nsB1pHaN16boIjUxULraDHC7hH2YM
+3rQms5SpD91cPQ5c/P1hi6WWealVGIXUhWtbyK9fYQ2FHo7HGBhen2G2OKZSdQG
6XoA8kP5EYcGyCAO/BVRuxOd7Sc5383sRm/tp1ZPcaNG1yXyWjipI6GJDm7xPWsE
BQ6LMrzxHA74bJXizWw4GuamPzsiQfcjRTaCWDyliapuFuAywjioQrrerrQD8wuk
nmumMWgU2iCTqqenSfRtPsg5cuFiNcxnPwgurous/BQ7nbjHW5vbCDormKoOPpJc
5+bbE7tH4Ds9YOXzIuiPAQTP48P8fuJsIyxIFwIDAQABo4IDbDCCA2gwHwYDVR0j
BBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFCe1ojLjhJLG0zij
g2phssDnQ1MdMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIH
MCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgG
BmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGF
BggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2Eu
Y29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA3BgNVHREEMDAu
ghNtaW5pLWFwcC5mdW5qc3EuY29tghd3d3cubWluaS1hcHAuZnVuanNxLmNvbTCC
AX8GCisGAQQB1nkCBAIEggFvBIIBawFpAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+w
ctiDAMR7iXqo/csAAAFk1wwxPgAABAMASDBGAiEAlFr+qHCTWeUK8bUp/i4NkTTV
qKkdwWN3FvN1ZxZsJTMCIQCTZrrWJ1fYWaXHc4cjq/mE2d26UKf8Xo5AdKDdnLrP
vQB2AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZNcMM1cAAAQD
AEcwRQIhAPEHkWMDt1FgX+39ckPnj5g0qJ6Fz8Ezq698wbMWdah5AiAw99uOx9Of
hkKAt8ZrDdUUhZm8P5l500MkPBdPLr6magB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4
cCUIFy+jqh0HE9MMAAABZNcMMWUAAAQDAEcwRQIhAPjflDJhxXFf1YSHFVhXuJ6f
gYilOk7Bim5zOBn9M5vUAiBzgC7uTx3wCJodhftR2GZ6li/AEk7vrS4dbrf8PX3b
uDANBgkqhkiG9w0BAQsFAAOCAQEAYdrEgO7r92eVMbhVfydkMGifXi1cQMynEvl0
puix0hC3yJmABSVW0VFZXVTZpb3F1KzaFnPZjZfM9WSFPR8CxDe1e5oG+6C/1CcR
wJjwKKqEvDu/ZxjMPRNGTRibymIJUi3f37JLrPuyfVgWOYcg1smCz+Uqneltf29W
bbekvlTE7UpzdBC0opTpEEppnWAN7EVM5BLZq84o/NpO59aQPocrLSTeeYQQlce+
Sp/HsmQOsw0+FXwyxIQ617Vnlg7MPF7joMsx0IGFrx68pv2E7HbpMZVq3N5JWSQU
Zqdpa/BNFB/iMflCHdh2nwgKK1xTj4ZgWmXOatxW77cwafM37A==
-----END CERTIFICATE-----

The corresponding private key is:

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMV9VFrb1gyK9v
UJfv32ewHWkdo3XpugiNTFQutoMcLuEfZgz7etCazlKkP3Vw9Dlz8/WGLpZZ5qVU
YhdSFa1vIr19hDYUejscYGF6fYbY4plJ1AbpegDyQ/kRhwbIIA78FVG7E53tJznf
zexGb+2nVk9xo0bXJfJaOKkjoYkObvE9awQFDosyvPEcDvhsleLNbDga5qY/OyJB
9yNFNoJYPKWJqm4W4DLCOKhCut6utAPzC6Sea6YxaBTaIJOqp6dJ9G0+yDly4WI1
zGc/CC6ui6z8FDuduMdbm9sIOiuYqg4+klzn5tsTu0fgOz1g5fMi6I8BBM/jw/x+
4mwjLEgXAgMBAAECggEANCH0d2Jr/lU07OFS4g/NFFFsj/M0Ef00UVg34fMOYBJV
vPz8MuySa+xXiS/ndnnYboy/Bwy7rxP4+h5MdNSy+reSQIOKiI7mpcaxF98OmCa3
lO5TFR3bP/O3h5E7WbNUH1wRDfljQS3QxhhzP0UvDJIokoVlfV5hBkOOY1jC7rtK
KtdInqD0y+ALkxDAj5yk/8kSxSirO5/3nzZAgzQxGr2r2psytEQlVMqRD4rcLymH
WQ2GeZe0gr9wcWiFDvFBc3S7Blh476BdNKbNuvplYdHq1PKnD1b2NegBIzYH+fb6
DE+XLCrSADwDbIE//L4B+fvK6eOciMPqvmUD2mPGAQKBgQD2Qcu7LexNlKbk3B8v
BBYwSda+GCclvnAAZdBrEtp++nuCHhusk6UokM4e3Xabq8//pFm9UDaGdmW0S+Bs
37TvcbWNidpJ7hEOS93sQ9dp/08GQKRb/tAfHRJ/GRgnd9tJKvuQwx/5PRBl4gJb
EROFG+zNnNSFXZU8i0pwxUig0QKBgQDUbYOMm7Py8sYSU5dLfCPCvLFdYCddppfh
7wwFduF1ipqTfhFejOy+2TnxHFOEBX96GfNRwtgP5FmKMEmbSYELEH7V+6yJus+k
MGxck6+pD2aX7bIUA96HOHCCOUA4zE6V/aN7nIon+jgtj2vkjB3m7FCv6Tu05jTS
C1wsXv9UZwKBgQDs2SGTGTsy7uuKKPDRLpQMw6gH04ErezuMFmDb6xk9kbrizgR9
+s+Z8ZRd+VFPrnNyhGdPfuvCbfOp8mSbMpp6xhoBVPofqxq6blu3FxUDvOwLrnam
iLExi6uzlLY3l77QY8frVtDUzleMNlFft0/X8aDTrah10SltPudNCWKuUQKBgEy2
e8IkXHjI6XSm0UVGQFfL8rVIyw6L4d+KhynWA5eCBU5sQXOGqtxE8CK9Wv+bSKzc
gD0vgv1CNn+r7njws3Q+cb9u0qEuYFvnzMol31LLJ/6HrT6DIzJr1F2CtUmNpneO
ECLMpivHtc/mMk1nuEizYHQWYyRx2fNcfN3dNJHTAoGBALeEHU0qn883Us/iyftC
mB4CqgWDJ22jhDWbpu/mdagCymRWuP8hPHXlGcMSBSo2fZz9TBx9p5dAJkXSbUd+
BiG73boMCjmNrJnB+06rh7lwcPIGpD3XAhQ14rm7YUC8Y7VAUGw6e/H51zOJ+eQx
xqGaW9IOaJ7fMqT2LMo1yENb
-----END PRIVATE KEY-----

The DNS host name for the certificate is mini-app.funjsq.com.

Rationale for Full Disclosure

We are aware that Netgear has public bug bounty programs. However, at current date those programs do not allow public disclosure under any circumstances.

We as researchers felt that the public should know about these certificate leaks in order to adequately protect themselves and that the certificates in question should be revoked so that major browsers do not trust them any longer. We could not guarantee either if we had used the existing bug bounty programs.

Disclosure Timeline

  • Tuesday, January 14th 2020 - Initial Discovery
  • Tuesday, January 14 2020 - Tweet sent attempting to establish communications with Netgear
  • Wednesday, January 15 2020 - Reached out to Bugcrowd to attempt to establish communications.
  • Thursday, January 16 - Bugcrowd responds, but we are unable to establish a communications channel outside of the Netgear bug bounty programs.
  • Friday, Jaunary 17th - Conversation with bugcrowd proves inconclusive
  • Sunday, January 19th - Feeling we have exhausted our disclosure avenues, we decide to publish

Credits

  • Tom Pohl (@tompohl)
  • Nick Starke (@nstarke)
@gnuheidix
Copy link

It seems Netgear is already patching this stuff out of some of their devices. In this firmware 2.5.1.8 it's self-signed and in its predecessor 2.2.1.212 it's an Entrust certificate which is expired by now. In the release notes of 2.5.1.8 it is noted as "Update the web server certification of RBR50/RBS50."

In my opinion Netgear was very well aware of this screw-up prior to this bug report.

@acohn
Copy link

acohn commented Jan 20, 2020

Sectigo/Comodo has revoked the mini-app.funjsq.com certificate as of about eight hours ago. The routerlogin.net one is still currently valid.

@IanBP
Copy link

IanBP commented Jan 21, 2020

Netgear uses another domain, mywifiext.net, for their wireless range extenders. I'd wager that the same issue exists for those devices as well.

@ringdan
Copy link

ringdan commented Jan 21, 2020

Aside from the certificate issue, Netgear probably should improve their bug report and bug bounty process.

@gnuheidix
Copy link

Netgear has published a security advisory. https://kb.netgear.com/000061582/

@Celestial-intelligence
Copy link

You should also look at Aruba Access Points. Saw same private shit out there. (Aruba AP-225 https://support.arubanetworks.com/Default.aspx?TabId=121&DMXModule=661&EntryId=33599)
By the way, they don't have open bug bounty program.
And they are the main contractor of the US Army.

@domenukk
Copy link

Netgear has published a security advisory. https://kb.netgear.com/000061582/

Under "Workarounds":
Instead of using HTTPS, log in to your router’s web browser interface using HTTP: http://routerlogin.com.

Instead of allowing active attackers to decrypt, send decrypted. Makes you wonder.

Copy link

ghost commented Jun 13, 2020

@marcan I'm not sure how you came to the conclusion that it being someone else's bug makes it Netgear's bug.

And who even is "WebPKI"? 🤣 An abstract concept can't have rules nor requirements

@marcan
Copy link

marcan commented Jun 14, 2020

And who even is "WebPKI"? An abstract concept can't have rules nor requirements

The WebPKI is managed by the CA/Browser forum, an organization with actual rules and requirements that they all agree to uphold.

@minanagehsalalma
Copy link

minanagehsalalma commented Sep 3, 2020

@marcan is it possible to decrypt the encrypted packets after capturing them using airodump ?

if so how can that be possible ?

edit : i think i found it
https://accedian.com/blog/how-to-decrypt-an-https-exchange-with-wireshark/

@marcan
Copy link

marcan commented Sep 4, 2020

Only if the session is not using a ciphersuite with perfect forward secrecy, otherwise you need an active attack.

@minanagehsalalma
Copy link

minanagehsalalma commented Sep 4, 2020

Only if the session is not using a ciphersuite with perfect forward secrecy, otherwise you need an active attack.

@marcan what about this one ?

the cert file exported from the copy to file option when clicking on the cert info in google chrome https://ufile.io/w1v256rd

and this what shows up when i open the page with fiddler on.

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.3 (TLS/1.2)
Random: 33 36 29 0C 1F C3 CA 3E D6 C7 D2 9E F3 17 5A C0 EE 89 4B 85 EE 61 2D BD 31 D5 61 EB 9C 8A D9 F5
"Time": 6/19/1976 1:17:23 PM
SessionID: F6 5F 76 F3 EA DD 0E 14 AD 52 05 2C A9 F1 96 6C FB 7D 0D D7 3A FC 47 D0 DC A8 26 35 C1 40 94 1F
Extensions:

also here is the pcap file from wireshark

https://ufile.io/yaid56oe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment