CERT Warns Customers of Vulnerability Found in Netgear Routers

Netgear is just the latest of many high-profile companies to come under fire from security watchdogs due to severe security holes that go unpatched. When such a security flaw is situated in your router, it’s even worse, since the router is the door into your home. The exploit in question was first disclosed over four months ago, but it has yet to be acknowledged by Netgear and patched. As a direct result of this, CERT has strongly warned customers to discontinue the use of the affected router models, if at all possible. Not everyone has spare routers lying around for cases like this.

The vulnerability, labeled VU#582384 by Carnegie Mellon University’s CERT, allows “arbitrary command injection” on Netgear’s R7000 and R6400 routers (using firmware 1.0.7.2_1.1.93 and 1.0.1.6_1.0.4 respectively). According to CERT, it’s also possible that earlier firmware versions for these two routers are affected and therefore also vulnerable to attack.

The attack is carried out by enticing a user to visit a specially crafted website, after which commands are issued to the router. The routers can also be directly exploited via a LAN connection by entering a very simple address that I won’t share here. There’s no need to spread the how-to even further. The Twitter user Acew0rm also posted a proof of concept for the Netgear exploit in an online video.

Acew0rm explained that he first contacted Netgear about the issue over four months ago and never got a response from the company, which is the reason for the video and the publication of the information. “I’ve forgotten about this because I thought this was very stupid. I didn’t think it was going to this big and I thought they were going to instantly patch it.”

According to CERT, there is currently no solution for the problem, which is why they recommend that users of the Netgear R8000, R7000 and R6400 routers stop using them immediately, until Netgear can remedy the problem with a firmware update.

Bohs Hansen
