CERT Warns Customers of Vulnerability Found in Netgear Routers

Netgear is just the latest of many high-profile companies to come under fire from security watchdogs over severe security holes that go unpatched. When such a flaw sits in your router, it is even worse, since the router is the door into your home. The exploit in question was first disclosed over four months ago, but Netgear has yet to acknowledge or patch it. As a direct result, CERT has strongly warned customers to discontinue use of the affected router models, if at all possible. Not everyone has a spare router lying around for cases like this.

The vulnerability, labeled VU#582384 by Carnegie Mellon University’s CERT, allows “arbitrary command injection” on Netgear’s R7000 and R6400 routers (using firmware 1.0.7.2_1.1.93 and 1.0.1.6_1.0.4 respectively). According to CERT, earlier firmware versions for these two routers may also be vulnerable.

The attack is carried out by enticing a user to visit a specially crafted website, after which commands are issued to the router. The routers can also be exploited directly over a LAN connection by entering a very simple address that I won’t share here. There’s no need to spread the how-to even further. The Twitter user Acew0rm also posted a proof of concept for the Netgear exploit in an online video.

Acew0rm explained that he first contacted Netgear about the issue over four months ago and never got a response from the company, which is the reason for the video and the publication of the information. “I’ve forgotten about this because I thought this was very stupid. I didn’t think it was going to [be] this big and I thought they were going to instantly patch it.”

According to CERT, there is currently no solution for the problem, which is why it recommends that users of the Netgear R8000, R7000 and R6400 routers stop using them immediately, until Netgear can remedy the problem with a firmware update.

Bohs Hansen
