EH-Net

I decided to include one of my routers in my vulnerability scan, I dont know why I didnt think of it earlier... Anyway, it came up with approx 5 vulnerabilities. Now this is a commercial Netgear WGR614v10 router. The scanner detected the OS as Linux, but I am not aware of any way to communicate with the OS outside of the GUI web interface. So how can I re-mediate these vulnerabilities? There is no firmware update available for the device.

I considered trying to load DD-WRT on another device I had at one point but I am unfamiliar with it.. looking at the DDWRT site, it is in progress for v9 of the firmware for this device, I have no idea how well the list or the project is maintained.

Do you have additional information on the 5 vulns it found? I've only found 2 DOS issues that that device has in regards to the web interface. The DOS may only be that which would be a nuisance on a home network but obviously more of an issue on a business network. Keep in mind that a DOS may actually be more than that, it could be that the researcher just didn't do enough work to get code execution and stopped at the DOS.

If there are no firmware updates for that device then you wont be able to remediate those vulns. However, you can mitigate your risk by making sure that the web interface is not exposed externally or using a different OS on the device like you mentioned. DD-WRT is actively maintained but like anything else, has its own issues:

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=dd-wrt&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve= (http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=dd-wrt&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=)

If I were you... I'd try to bust into that thing and see for yourself how big of a risk those vulns are!

The vulnerabilities were a TCP Sequence number Approximation vulnerability CVE-2004-0230

2 instances of Nameserver Processes Recursive Queries

ICMP timestamp response cve 1999-0524

and unencrypted telnet service available

The only one I am familiar with is the Timestamp vulnerability, having remediated it on my PC previously. I attempted to telnet to the device, but didnt have  any luck, the connection appeared to be established but I didnt receive any data on the terminal emulator.

If this is on your home network, on the LAN side then don't worry about those. If you're not using telnet to your router then turn that service off. Rule of thumb....turn everything off and then only turn on stuff you need.

If this was from the outside in, you'd have some issues but these are minuscule compared to other issues you may encounter on your network, IE bad wifi security, poor client security/patching etc etc etc.....

Ok.

I do have other routers available if I felt it was an unnecessary risk. Supposedly that is what security is about, risk management. Heck, give me a shell prompt any day...

It certainly is. There may be a vulnerability, but if there is no measurable threat, then you have no risk so you're probably better off focusing on other issues.