Zachary Cutlip of Tactical Network Solutions presented some of his very interesting research at the security conference Black Hat USA 2012.
His work centers on attacking Netgear routers that have built-in DLNA servers. DLNA is a network protocol that’s much like UPnP, and allows for things like servers to stream media to all of the device in the home.
The particular implementation of the DLNA server has some big vulnerabilities centering around its SQLite server. Wait, what?? Why is there a SQL server running in a consumer-grade router? Well, it’s doing database stuff, like storing information about album art and such.
The bugs in this server allow for a SQL Injection attack which allows for remote file extraction which allows you to get things like the files that contain the administrator password. After that, it’s off to the races.
You can see the original slides from the presentation here.