cancel
Showing results for 
Search instead for 
Did you mean: 

Netgear users advised to stop using affected routers after severe flaw found

Honorary Alumnus

Netgear users advised to stop using affected routers after severe flaw found

Two leading Netgear routers are vulnerable to a severe security flaw

An advisory posted on Friday in Carnegie Mellon University's public vulnerability database (CERT) said that Netgear's R7000 and R6400 routers, running current and recent firmware respectively, are vulnerable to an arbitrary command injection flaw.

If exploited, the vulnerability could let an unauthenticated attacker run commands with root privileges.

The code to exploit the vulnerability -- effectively just a URL -- has been released publicly, allowing anyone to carry out attacks

An attacker would have to trick a user into visiting a website that contains the code, such as an invisible web frame, to exploit the flaw. Adding commands to the router's IP address can open up ports on the router, such as Telnet.

The advisory said that other router models may be vulnerable.

CERT advised users to "strongly consider discontinuing use" of the devices until a fix is made available.

It's not clear how many users are affected by the flaw. A Netgear spokesperson did not respond to a request for comment at the time of writing.


Router flaws are increasingly being exploited by attackers, who use vulnerabilities to launch large-scale distributed denial-of-service (DDoS) attacks to flood and overload networks with traffic.

Last week, almost a million users across Europe were thrown off the internet after criminals tried to hijack home routers as part of a coordinated cyber attack.

Source:

http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/?loc=newsl...



7 REPLIES 7
Professor

Re: Netgear users advised to stop using affected routers after severe flaw found

Holy cow. That's very worrying.
Assistant Professor

Re: Netgear users advised to stop using affected routers after severe flaw found

Thanks Gwalk. Anything connected to the internet is vulnerable if hackers concentrate on it enough IMO. The new world we live in.
Associate Professor

Re: Netgear users advised to stop using affected routers after severe flaw found

Pretty sure Amanda has an R7000, as do I... But I run mine in AP only mode for the tablets, and I have Merlin on it running...  So if mines vulnerable, then so are many other users here.
Moderator
Moderator

Re: Netgear users advised to stop using affected routers after severe flaw found

Wow, thanks for sharing this, Gwalk!

-Liz

Thanks,
Liz

Did my post answer your question? Accept as Solution to help others find it faster.--------------------------------->

Honorary Alumnus

Re: Netgear users advised to stop using affected routers after severe flaw found

Moderator

Re: Netgear users advised to stop using affected routers after severe flaw found

Thank you from an R7000 owner. I actually missed your initial post. 
Associate Professor

Re: Netgear users advised to stop using affected routers after severe flaw found

From my understanding, the firmware released is a "beta" version.

I still recommend Merlin to anyone running an R7000...  It really opens the R7000 capabilities up, and gets rid of the nasty 300Mbps LAN to WAN cap that it suffers from in some situations...


http://www.linksysinfo.org/index.php?threads/asuswrt-merlin-on-netgear-r7000.71108/