Solar Security


Solar inCode is next-generation software for application security testing. Solar inCode’s convenient interface requires just a couple of clicks, since the intricate variability of algorithms and settings is automated as much as possible.

If the source code is available, the scanner easily integrates with software repositories. Otherwise, a working copy of the program can be simply uploaded to Solar inCode. Mobile software can be tested by merely copying a link to the app in Google Play or Apple Store into the Solar inCode menu.

Solar inCode provides detailed recommendations and instructions on addressing any vulnerabilities by either (1) amending the source code or (2) using remedies available in SIEM, WAF and Firewall systems.


  • No need for source code to analyze applications
  • Test results are generated in the format of specific recommendations on addressing vulnerabilities
  • Detailed instructions are produced on setup procedures for SIEM, WAF, FW and NGFW security systems
  • Several code analysis technologies are employed to detect a greater number of vulnerabilities
  • A user-friendly interface that enables scanning by just two mouse clicks
  • The product seamlessly integrates with the process of secure software development


  • Web and mobile applications are available to external users; the IS department, while having no control over their security, is still held responsible for incidents
  • Lack of proper communication between the IS department and developers: the source code is not handed over to IS, or, at best, IS gets an archive that is almost impossible to sort out
  • Web application code errors take too long to fix
  • Data leaks owing to bugs intentionally built into the code by developers
  • Lack of control over the security of applications used by the company





Solar inCode consists of three functional elements:

  • The analytical system
  • The reporting system
  • The Fuzzy Logic Engine to process false positives

This structure makes our product a fast and efficient application security-testing tool that requires no lengthy setup or training.


Solar Dozor is a comprehensive Data Loss Prevention (DLP) solution to monitor employees’ digital communications at the workplace.

Solar Dozor is customized to identify and investigate suspicious employee behavior that may cause serious financial losses to the employer, such as early warning signs of fraud, conflicts of interest or affiliation with third parties.


  • Predictive monitoring for early detection of employees’ unlawful activities and signs of corporate fraud
  • Full archive of employees’ digital communications data with advanced search capabilities
  • Case-files for employees and restricted data objects
  • Incident lifecycle management throughout the investigation process
  • All required features of a DLP solution to monitor employees’ digital communications


  • Identification of employees’ abnormal behavior in the workplace
  • Identification of unusual and risky contacts of employees
  • Social graph to depict employee relations to other users
  • Employee Loyalty Index for each person
  • Tips on further steps when conducting an investigation
  • Data analysis based on OLAP and BI Technologies


Dozor Structure


Solar Dozor 6.0 consists of the following components:

  • DLP modules to monitor and classify intercepted messages; these modules may be deployed at the edge of the network;
  • Full communications archive to accumulate hundreds of terabytes of employees’ generated data for reliable storage and forensics;
  • Analytical tools to conduct investigations, maintain case files and run automatic examination of incidents.

Positive Technologies

Positive Technologies helps you safeguard your business from security threats you can’t see. Protecting your organization is serious business that deserves to be based on science, not speculation; on modern technologies, not new buzz words.


Coordinated Protection from Malware and Advanced Persistent Threats

No single anti-virus solution can offer complete protection against information security threats, including malware and Advanced Persistent Threats (APT), but attempting to deploy multiple anti-virus (AV) solutions typically increases your administrative burden and often results in clashes between competing tools.

PT Multiscanner is the first enterprise solution to address this challenge by combining and coordinating the AV definitions from multiple vendors in a single scan, offering increased overall protection without the need to conduct additional tests or consolidate separate results.

Optimize Malware and APT detection effortlessly

PT Multiscanner is a multi-engine, stream-based antivirus platform that provides high-performance analysis of data stored or transmitted via corporate networks including file storage, web portals, email, and network traffic.

Benefit from simultaneous protection from market leaders such as Symantec™, McAfee™, Trend Micro™, Kaspersky Lab, ESET and Bitdefender® without the need to buy licenses separately from each vendor.

Consolidated scan results are presented in a single, user-friendly interface, giving you full visibility of threats in your network. And the sooner you find these hazards, the faster you can fix them.

Comprehensive Coverage without Compromising Privacy

PT Multiscanner is a locally-hosted solution that works from within the enterprise’s security perimeter, ensuring confidential data is never exposed to third parties. Use it to tackle a range of security challenges:

  • Monitor network traffic in real time
  • Protect email traffic and limit social engineering attacks
  • Analyze file storage to detect infected files and block the spread of viruses and malware
  • Safeguard web portals to prevent data leakage, maintain uptime and protect end-users from malware
  • Perform standalone malware checks on individual files uploaded to a locally-hosted portal
  • Simplify incident investigation with retrospective analysis that tracks suspect files through your infrastructure

An optional independent verification feature allows organizations to double-check scan results with VirusTotal. All private data is anonymized and hashed before upload to the cloud.

PT Multiscanner’s flexible APIs make it easy to integrate with existing systems including mail or file servers, proxy servers, IPS/IDS, monitoring and network forensic tools.



Almost every modern enterprise uses hundreds of Web, mobile or ERP applications to help run their operations. But as your number of applications grows, so does the number of security vulnerabilities within them that could be exploited to damage your business. The Verizon 2014 Data Breach Investigation Report (DBIR) shows that last year 35% of security breaches involved attacks against web applications, up by 14% since 2012. Moreover, Web app attacks were the most common cause of data breaches, followed by cyber-espionage, POS intrusion and insider misuse.


Why do these attackers succeed? The fact is that most application security threats are created by developers’ mistakes that cannot be addressed with traditional security scanners, IDS or firewalls:

  • Attackers often exploit zero-day vulnerabilities, making signature analysis obsolete and confirming the need for adaptive solutions, self-learning and behavioral analysis techniques.
  • Modern corporate applications use different languages, protocols and technologies, as well as customized solutions and third party code. Protection of such applications requires thorough analysis of the application structure, user interaction patterns and usage context.
  • Modern firewalls deal with thousands of suspicious incidents. There is no time for security specialists to check them all manually to identify the real threats. There is an urgent need for automatic sorting, ranking and smart visualization of security events.
  • Even well-known vulnerabilities cannot be fixed immediately; patching of ERP or e-banking systems can take months. An application security system should have a mechanism to mitigate breaches while developers are fixing the code.
  • Secure SDL may dramatically reduce the cost of errors as long as they are fixed at the early stages of coding, but it’s hard to find effective automated solutions for code analysis.


PT Application Firewall, a smart protection system developed by Positive Technologies, is a serious response to the security challenges created by today’s range of web portals, ERP and mobile applications. PT AF can block 30% more network attacks than other firewalls thanks to several innovative security technologies.

  • Fast adaptation to your systems: Instead of applying the classical signature method, PT AF analyzes network traffic, logs and users’ actions, constantly creating and maintaining a real-time statistical model of the application during normal operation. It then uses this model to detect abnormal system behavior. Together with other protection mechanisms, it ensures 80% of zero-day attacks are blocked without any special adjustment needed within the client.
  • Focus on major threats: PT AF weeds out irrelevant attack attempts, groups similar incidents and detects attack chains — from spying to data theft or backdoor setup. Instead of thousands of potential attacks, information security specialists receive a few tens of truly important messages.
  • Instant blocking: PT AF’s virtual patching techniques allow you to protect an application, even before insecure code is fixed. Together with PT Application Inspector’s exploit generation mechanism, virtual patching provides continuous and automated detection, verification and blocking of vulnerabilities.
  • Protection against security bypass: PT AF handles data with regard to a protected server technology stack, analyzes XML, JSON and other protocols typically used in modern portals and mobile applications. It ensures protection from the majority of firewall bypass methods including HPC, HPP and Verb Tampering.
  • Behavioral analysis against robots: The mechanisms used against automated malware include protection from brute-force attacks, fraud, DDoS attacks, botnets, uncontrolled indexing, and data leakage.
  • SSDL support: PT Application Inspector (PT AI) and PT AF provide developers with information about incorrect code in convenient formats including exploits, thus reducing the costs associated with secure development and testing.


With more than 10 years of security research and a huge knowledge base of vulnerabilities, the experts at Positive Technologies have amassed extensive experience in protecting enterprises of all sizes across a wide range of industries. Each industry has its own unique features, and those requirements are crucial to practical security. Every deployment of PT Application Firewall includes configuration to meet the specific needs of each client.

Pre-configured versions of PT AF have been developed to protect:

  • Banks and Financial Institutions where many critical applications used both by clients and partners have to meet the requirements of PCI DSS and other regulatory authorities, while third-party applications and 24/7/365 operations leave little scope for vulnerability fixes.
  • Media portals with frequently refreshing content including online streaming, XML gateways and other integrations with a wide range of systems that are popular targets for “hacktivists”, rivals and criminals.
  • Telecoms where convergence of many different technologies may lead to an “avalanche” of failures caused by a single hack, while the integration of simple mass services with payment systems raises the danger of fraud.
  • ERP systems that are often maintained and supported remotely by third-party companies, leading to security mechanisms being weakened for ease of access. Developers of business-application code typically care more about functionality than security.



Blindspotter™ is a monitoring tool that maps and profiles user behavior to reveal human risk. It integrates a variety of contextual information in addition to logs, processes them using various unique algorithms, and offers a wide range of outputs from warnings to automatic interventions. Blindspotter™ is an advanced component of the Contextual Security Intelligence Suite. It discovers previously unknown risks and guides the investigation of threats through CSI.Risk.

The new perimeter is our users
Many companies’ worst nightmare is already lurking inside what was previously thought to be their perimeter: a sophisticated external attacker or a malicious insider. Nowadays, attackers are intelligent, well-funded and their attacks are increasingly complex and well targeted. The common theme of recent, high-profile breaches is that they were carefully planned and went undetected for some time, with the attackers moving freely inside the victim’s IT environment. Malicious insiders hold an advantage over a company’s primary security tools in that those tools are designed to protect against external threats, not against trusted employees. Targeted attacks by humans use a combination of IT vulnerabilities, social engineering and ordinary crime to gain unauthorized access. This means that the new perimeter, where you have to focus, is your users. They are the new focus of your security measures instead of the infrastructure. Blindspotter is the incarnation of this approach, user-focused IT security: it concentrates on what internal and external users are doing in the system.

More monitoring, less control
Balabit, an IT security innovator for more than 15 years that specializes in log management and advanced monitoring technologies, developed Blindspotter™, a next-generation IT security tool that analyzes all user activity and reveals suspicious events occurring throughout IT systems. By detecting deviations from normal behavior and assigning a risk value, it helps companies focus their security resources on important events and also allows them to replace some controls, yielding greater business efficiency. Adding more tools that restrict users won’t make your company safer; it will just make your employees less productive.


Blindspotter™ integrates a variety of contextual information in addition to standard log data (such as application logs, SIEM data, HR and CRM system inputs, LDAP directories, etc.), processes it using unique sets of algorithms, and generates user behavior profiles that are continually adjusted using machine learning. It tracks and visualizes user activity in real time for a better understanding of what is really happening inside the IT system and offers a wide range of outputs, from a priority dashboard to automatic interventions. It doesn’t require pre-defined correlation rules; it simply works with your existing data. The built-in algorithms have customizable parameters that allow you to fine-tune the output without being a skilled data scientist. Data is analyzed in multiple ways to adjust the risk and deviation level of each activity. Blindspotter™ reveals all new deviations from normal operation in a well-prioritized dashboard. With advanced monitoring across every aspect of an IT system, Blindspotter™ protects sensitive and critical data from potential security breaches by both internal and external attackers.



Shell Control Box is a user monitoring appliance that controls privileged access to remote IT systems, records activities in searchable, movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise device, completely independent from clients and servers – integrating seamlessly into existing networks. SCB is a core component of the Contextual Security Intelligence Suite. It captures the activity data necessary for user profiling and enables full user session drill down for forensic investigation in CSI.User.


SCB acts as a centralized authentication and access-control point in your IT environment, which improves security and reduces user administration costs. The granular access management helps you control who can access what, and when, on your servers.


SCB isolates your sensitive systems from unknown intruders and from non-authorized users. In addition, it tracks all authorized access to sensitive data and provides actionable information in the case of human errors or unusual behavior.



SCB monitors privileged user sessions in real time and detects anomalies as they occur. On detecting suspicious user activity (for example, entering a destructive command such as “delete”), SCB can send you an alert or immediately terminate the connection.


SCB audits “who did what”, for example on your database or SAP servers. Aware of this, your employees will do their work with a greater sense of responsibility leading to a reduction in human errors. By having an easily interpreted, tamper-proof record, finger-pointing issues can be eliminated.


SCB makes all user activity traceable by recording them in high quality, tamper-proof and easily searchable audit trails. The movie-like audit trails ensure that all the necessary information is accessible for ad-hoc analyses or custom activity reports.


When something wrong happens, everybody wants to know the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user sessions allows you to shorten investigation time and avoid unexpected cost.



A Hassle Free SIEM Solution: Full Visibility – In Real-Time

You are able to easily assess the status of your systems and applications through the solution’s uniquely designed correlation and analysis layer.

The built-in log analysis engine automatically detects and notifies of all critical incidents on your systems. The events monitored can be very diverse and can include: an ongoing attack, a compromised system, a system breakdown, user authentication issues and much more.

The raw log data from your systems can be used to:

  • Automate regulatory processes
  • Improve efficiency in forensics investigations
  • Improve troubleshooting turnaround time
  • Improve your security position
  • Gain visibility into the organization


  • Out-of-the-Box Reporting: Utilize the wide range of reporting templates for compliance regimes such as PCI, SOX, ISO 2700X etc., or modify or create reports from scratch using the intuitive LogPoint Report Wizard.
  • Easy-to-Manage Dashboards: Obtain a structured overview of critical events & security incidents in real-time. You are able to configure the dashboards to reflect desired views based on a user’s privileges.
  • Data Enrichment: With LogPoint’s full data-enrichment capabilities you obtain an added dimension of analysis, without the need to import and fragment existing data.
  • NoSQL Technology: LogPoint is powered by the latest NoSQL technologies. This enables LogPoint to receive and normalize billions of logs generated on your infrastructure every day.
  • Built-in Scaling: The built-in scaling architecture enables enterprise-wide implementation. LogPoint supports an infinite number of collection, analysis & presentation points, providing the ultimate degree of flexibility.
  • Easy Implementation: LogPoint is shipped as a virtual appliance, a physical appliance or a piece of software and does not rely on specific hardware, giving organizations flexibility in deployment and in the orchestration of storage.
  • Favorable Licensing: LogPoint is licensed on the number of devices sending logs to the system. Thus, organizations can scale to as many LogPoint servers as needed, while maintaining transparent cost-projections.
  • Extensive Integration: LogPoint easily integrates with both external data and existing information sources such as asset-management systems, directories, HR- and ERP systems, and others.
  • Categorizing Taxonomy: Any new application, business process or infrastructure component will be immediately covered by our best-practice taxonomy and thus the features in LogPoint without user involvement.



FBI: Email Scams Take $3.1 Billion Toll on Businesses


Business-related inbox scams are reaching epidemic levels, with the total cost to business reaching a whopping $3.1 billion. The dire warning comes from the FBI, which says the skyrocketing losses represent a 1,300 percent increase since January 2015.

Identified by the FBI as business e-mail compromise (BEC) crimes, the scams attempt to trick email recipients into money wire transfers, forwarding sensitive employee data such as W-2 data, paying fake invoices, or hijacking employee email accounts in order to use stolen email identities to win the confidence of scam targets.

The FBI has stepped up its BEC awareness campaign less than a month after it released its annual Internet Crime Complaint Center (IC3) report. In that report, the FBI reported U.S. businesses were hit hardest by BEC scams in 2015, with 7,838 complaints and losses of more than $263 million.

On Tuesday, the FBI refreshed those BEC numbers, reporting 22,143 worldwide BEC victims representing $3.1 billion in losses since January 2015. Closer to home, the FBI reports 14,032 U.S. BEC victims representing $961 million in losses between October 2013 and May 2016.

The FBI data shows U.S. businesses are disproportionately affected by BEC crimes, with 88 percent of all worldwide victims being U.S.-based and 90 percent of losses coming from U.S. companies.

“The BEC scam continues to grow, evolve, and target businesses of all sizes,” wrote the FBI. “The scam has been reported by victims in all 50 states and in 100 countries. Reports indicate that fraudulent transfers have been sent to 79 countries with the majority going to Asian banks located within China and Hong Kong.”

Security experts say these types of cybercrimes are difficult to protect against. “With BEC attacks there is no malware involved. You are exploiting human trust and business processes that involve email,” said Ryan Kalember, SVP cybersecurity strategy at the security firm Proofpoint in an interview with Threatpost reacting to the May IC3 report.

Despite the low-tech email attack vector, the FBI warns business e-mail compromise attacks can be extremely sophisticated. Attackers can lie in wait for extended periods of time studying whom a business does business with and what the business protocols are for wire transfers.

Security experts tell Threatpost they are seeing an uptick in elaborate and sophisticated ruses that involve CEOs, CFOs, COOs, HR departments and accounting. Attacks are becoming more sophisticated, with criminals going so far as monitoring a CEO’s social media feed to best time and color a fake request for a wire transfer.

The FBI says that BEC can also be a springboard to other types of crimes, with victims reporting romance, lottery, employment, and rental scams as well. In some instances, the FBI warns, victims are unwittingly drawn into becoming “money mules.” In these instances, money is transferred into a target account and then quickly transferred on to a second offshore account or shell corporation.

Tips for steering clear of becoming a BEC victim, according to the FBI, include:

  • Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out of office details.
  • Be suspicious of requests for secrecy or pressure to take action quickly.
  • Consider additional IT and financial security procedures, including the implementation of a 2-step verification process such as out-of-band communication to confirm requests.
  • Consider implementing two factor authentication for corporate e-mail accounts.
  • Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.

[source: FBI: Email Scams Take $3.1 Billion Toll on Businesses]

Enterprise Architecture

Today, with most organizations becoming more complex in structure and dimension and distributed across different locations, optimized performance cannot be achieved just by assigning roles and job descriptions. Instead, processes, information, goals and staff roles should match the goals and strategies of the organization. To address this, a plan should be implemented that defines the relations between all dimensions and elements of the organization and adapts them to changes when necessary. This plan, which consists of information on personnel, processes, places and the other dimensions and specifications of the organization, is called Enterprise Architecture.

Enterprise architecture is divided into four architecture domains:

  • Business architecture
  • Data architecture
  • Applications architecture
  • Technology architecture



Enterprise architecture is required to enable organizations to:

  • Effectively manage information through IT
  • Enhance IT systems to meet the needs of organizations by removing fragmented and duplicated information, making IT systems more understandable, improving IT systems to be more responsive to change, and focusing investments in IT on a strategic plan
  • Evolve enterprises to integrated environments
  • Optimize the business to benefit most from technology
  • Increase accuracy of systems and business analysis
  • Improve strategic decision making process by providing multiple views of organization
  • Improve business and IT efficiency
  • Achieve a better return on investment by reducing the complexity of business and IT, increasing flexibility, optimizing the structure and reducing the risk of investment and cost of ownership


International IT house provides full-service Enterprise and IT Architecture. Benefiting from a powerful network of experts and reputed partners, we help businesses find solid operation and growth visions and walk them through turning those visions into realities. We have served clients from a wide variety of industries in the private and public sectors by providing them with full-scope Enterprise Architecture plans, ideas and models.


IT Security

International IT house follows a risk-based approach to design, implement and maintain security infrastructure for customers.

In February 2014, the National Institute of Standards and Technology (NIST) released the Framework for Improving Critical Infrastructure Cybersecurity, also known as the NIST Cybersecurity Framework. Focusing on high-impact risks, the NIST framework defines five key functions needed to drive a comprehensive cybersecurity program:

  • Identifying risks to resources supporting critical functions
  • Protecting these resources and limiting the impact of cybersecurity events
  • Detecting incidents that have occurred
  • Responding to the detection of events
  • Recovering following response procedures


Each function places heavy reliance on the development of those preceding it:

  • You cannot protect your environment correctly without first identifying your key systems and the risks faced by each
  • You cannot respond to events if you have not first implemented proper measures to detect them


Each function has several categories, subdividing it into more detailed groups of activities.




The NIST framework is composed of three parts:

  • Framework Core
    • Set of activities, desired outcomes, and applicable references (e.g., ISO, NIST 800-53)
    • Consists of five functions: Identify, Protect, Detect, Respond, Recover
      • Identifies key categories for each function
  • Framework Implementation Tiers
    • Characterize cybersecurity practices over a range from Partial (Tier 1) to Adaptive (Tier 4)
    • Provide context on how an organization views cybersecurity risk
  • Framework Profiles
    • Used to identify opportunities to improve cybersecurity posture by comparing a Current profile (“as is” state) to a Target profile (“to be” state)
    • Support prioritization and measurement of progress towards the Target profile


Using the NIST Framework to address security concerns allows organizations to:

  • Describe current cybersecurity posture
  • Describe target state for cybersecurity
  • Identify and prioritize opportunities for improvement
  • Assess progress towards target state
  • Communicate using common language among internal and external stakeholders about cybersecurity risk


The NIST Framework complements, but does not replace, risk management processes. Organizations without cybersecurity programs can use the Framework as a reference to establish one.

Because of its comprehensive treatment of security concerns, the points above and many other benefits, International IT house has decided to use the NIST cybersecurity framework as a guideline for implementing security structures, providing custom solutions that maximize data and communication security to suit each client’s required level of protection and budget.

International IT house provides the following services in accordance with the five key functions of the NIST framework to design security environments.

  • Cybersecurity Software
  • Hardware Appliances
  • Compliance audit
  • Vulnerability assessment
  • Security reports
  • High availability and disaster recovery solutions




Database Services

Data management refers to an organization’s management of information and data for secure and structured access and storage.

Data management tasks include the creation of data governance policies, analysis and architecture; database management system (DBMS) integration; data security; and data source identification, segregation and storage.

Database Management Services enable enterprises to ensure support and continuity for their most business-critical, voluminous and complex applications.


One size does not fit all. We remain true to our primary business of managing and supporting databases remotely while also recognizing that the customers we serve have unique needs. Our expertise and DBA service offerings deliver the combination of flexibility, reliability, security and performance your company demands.

International IT House provides expert database management services for Oracle and Oracle E-Business Suite database environments with an unmatched level of service, support and affordability. By combining strong tools and processes, we are able to deliver cost containment and superior access to our DBA experts as part of our database management services.

We design our services with your company in mind while adding additional skill sets, standards, best practices and improvements.



Resource Planning

Enterprise resource planning (ERP) is an industry term for the broad set of activities that helps an organization manage its business.

An important goal of ERP is to facilitate the flow of information so business decisions can be data-driven. ERP software suites are built to collect and organize data from various levels of an organization to provide management with insight into key performance indicators (KPIs) in real time.



ERP software modules can help an organization’s administrators monitor and manage supply chain, procurement, inventory, finance, product lifecycle, projects, human resources and other mission-critical components of a business through a series of interconnected executive dashboards. In order for an ERP software deployment to be useful, however, it needs to be integrated with other software systems the organization uses. For this reason, deployment of a new ERP system in-house can involve considerable business process reengineering, employee retraining and back-end information technology (IT) support for database integration, data analytics and ad hoc reporting.

Legacy ERP systems tend to be architected as large, complex, homogeneous systems which do not lend themselves easily to a software-as-a-service (SaaS ERP) delivery model. As more companies begin to store data in the cloud, however, ERP vendors are responding with cloud-based services to perform some functions of ERP, particularly those relied upon by mobile users. An ERP implementation that uses both on-premises ERP software and cloud ERP services is called two-tiered ERP.



Netgear Router Update Removes Hardcoded Crypto Keys


Netgear on Friday released firmware updates for two of its router product lines, patching vulnerabilities that were reported six months ago.

Users should update to firmware version, which includes fixes for an authentication bypass vulnerability and also addresses a hard-coded cryptographic key embedded in older versions of the firmware.

A vulnerability note published by CERT operating at the Software Engineering Institute at Carnegie Mellon University said Netgear router models D6000 and D3600 running firmware versions and are affected. CERT cautions that other models and firmware versions could also be susceptible to the same issues.

The flaws pose a risk to the privacy and security of data moving through the networking gear.

“A remote unauthenticated attacker may be able to gain administrator access to the device, man-in-the-middle a victim on the network, or decrypt passively captured data,” CERT said in its note.

Netgear warned in a support note that an attacker on the network (or a remote attacker, if remote management is enabled) could exploit CVE-2015-8288 and gain access to a hard-coded RSA private key and a hard-coded X.509 certificate and key.

“An attacker with knowledge of these keys could gain administrator access to the device, implement man-in-the-middle attacks, or decrypt passively captured packets,” CERT said in its note.
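The core defect in this bug class is that one private key ships identically inside every unit’s firmware image, so anyone who extracts it from one device has the key for all of them. The following is an added example, not code from Netgear, CERT or the article: a firmware-audit check that locates PEM-encoded key material in raw images and flags private keys that are shared across images. The sample images and the PEM bodies in them are constructed placeholders, not real keys.

```python
"""Audit firmware images for embedded PEM private keys and certificates.

Added example for the hard-coded-key issue described above; not vendor code.
The sample images below are constructed inline and the PEM bodies are
placeholder base64, not real key or certificate material.
"""
import hashlib
import re
from typing import Dict, List

# A PEM block is "-----BEGIN <label>-----", base64 lines, "-----END <label>-----".
# The label is captured and back-referenced so the END must match the BEGIN.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----",
    re.DOTALL,
)

# Labels that denote private key material (high risk if shipped in firmware).
PRIVATE_LABELS = {
    "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY",
    "PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
}


def find_pem_blocks(image: bytes) -> List[Dict[str, object]]:
    """Return every PEM block found anywhere in a raw binary image."""
    findings = []
    for m in PEM_RE.finditer(image):
        label = m.group(1).decode("ascii")
        body = b"".join(m.group(2).split())  # drop line breaks / whitespace
        findings.append({
            "offset": m.start(),
            "label": label,
            "private": label in PRIVATE_LABELS,
            # Fingerprint of the base64 body: identical material gets the same
            # value no matter which image or offset it appears at.
            "fingerprint": hashlib.sha256(body).hexdigest()[:16],
        })
    return findings


def shared_private_keys(images: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each private-key fingerprint to the images that contain it.

    Any private key found in a shipped image is hard-coded by definition;
    one that appears in several images (e.g. several models) is worse,
    since a single extraction compromises every device running them.
    """
    by_fp: Dict[str, List[str]] = {}
    for name, data in images.items():
        for f in find_pem_blocks(data):
            if f["private"]:
                by_fp.setdefault(str(f["fingerprint"]), []).append(name)
    return by_fp


# Constructed stand-ins for three firmware images (placeholder content).
FAKE_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\n"
            b"UExBQ0VIT0xERVIgS0VZIE1BVEVSSUFMIChOT1QgQSBSRUFMIEtFWSk=\n"
            b"-----END RSA PRIVATE KEY-----\n")
FAKE_CERT = (b"-----BEGIN CERTIFICATE-----\n"
             b"UExBQ0VIT0xERVIgQ0VSVElGSUNBVEUgKE5PVCBSRUFMKQ==\n"
             b"-----END CERTIFICATE-----\n")
SAMPLE_IMAGES = {
    "model_a.img": b"\x00" * 64 + b"squashfs" + FAKE_CERT + b"\xff" * 32 + FAKE_KEY,
    "model_b.img": b"\x7fELF" + b"\x00" * 40 + FAKE_KEY + b"\x00" * 16,
    "clean.img":   b"\x7fELF" + b"\x00" * 80,
}


def audit(images: Dict[str, bytes] = SAMPLE_IMAGES) -> List[str]:
    """One finding line per embedded private key, naming the images sharing it."""
    lines = []
    for fp, names in sorted(shared_private_keys(images).items()):
        lines.append(f"private key {fp} embedded in: {', '.join(sorted(names))}")
    return lines


if __name__ == "__main__":
    for line in audit():
        print(line)
```

Run the same check against a real image with `open(path, "rb").read()`; a non-empty result means the device’s TLS or SSH identity is not unique per unit and the firmware needs the key removed and generated on first boot instead.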

The authentication bypass flaw, CVE-2015-8289, can expose password security keys if the password recovery feature is disabled, Netgear said.

“A remote attacker able to access the /cgi-bin/passrec.asp password recovery page may be able to view the administrator password in clear text by opening the source code of above page,” CERT said in its note.

CERT suggests a workaround that includes restricting network access to the router’s web interface over HTTP.

Researcher Mandar Jadhav of Qualys privately reported the flaws in December. His disclosure came on the heels of a critical authentication bypass vulnerability in Netgear router firmware N300_1.1.0.31_1.0.1.img, and N300- that had been publicly disclosed and exploited before a patch was available.

Attackers had been able to exploit the flaws to redirect DNS queries to their servers. With full access to the admin page and settings, an attacker could man-in-the-middle network traffic, reconfigure DNS settings to redirect traffic to a third-party server, or downgrade SSL communication using a number of available tools such as SSLstrip developed by Moxie Marlinspike.

Less than a week later, Netgear published new firmware that addressed the vulnerability. Router models JNR1010v2, WNR2000v5, JWNR2010v5, WNR614, WNR618, WNR1000v4, WNR2020, and WNR2020v2 were affected, and researchers estimated that 10,000 routers had been taken over.

[source: Netgear Router Update Removes Hardcoded Crypto Keys]