Disclosure timeline
===================
February 10th, 2016: discovered 3 issues: memory corruption, authorization bypass, CSRF.
February 10th, 2016: supplying technical details to Netgear, including POC code.
February 12th, 2016: Netgear's response - they said that only the Bezeq firmware is vulnerable.
February 13th, 2016: discovering command injection vulnerability, updating Netgear.
February 14th, 2016: contacted Bezeq.
February 21st, 2016: Bezeq acknowledged.
March 3rd, 2016: Bezeq's first hotfix for the authorization bypass vulnerability.
March 20th, 2016: disclosure, assigned DWF-2016-91000.
Technical details
=================
The vulnerable code might reside in Netgear's own firmware as well, but it was found in the custom Bezeq firmware. Issues:
1. HTTP Authorization bypass: by supplying "ess_" in the URL, authorization is not validated.
2. Command injection: the ping utility allows an attacker to run arbitrary commands via the "system" API, by injecting either a pipe or backticks.
3. CSRF exposure.
4. Possible memory corruption: the basic authorization username is copied via unsafe strcpy to a global variable.
Blog post and POC code
======================
http://securitygodmode.blogspot.com