Netgear router users need to listen and follow this advice from experts as they have found "vulnerability" in the device, which would let its attackers take control of the device. The vulnerability is known as command injection vulnerability.
How does the bug affect the device?
It all starts with remote attackers tricking Netgear router users connected to local Netgear network into clicking a malicious web link, where they are able to execute arbitrary shell commands with root privileges on those routers that are affected.
As the web interface does not filter out all the unauthorised commands in the URL, it becomes vulnerable, Techspot reported.
What are the confirmed and unconfirmed vulnerable models?
Confirmed:
- R6250
- R6400
- R6700
- R7000
- R7100LG
- R7300
- R7900
- R8000
Unconfirmed:
- Nighthawk X8 Tri-Band WiFi Router (Model R8500)
- Nighthawk X10 Smart WiFi Router (R9000)
What has CERT said?
"Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available," said US CERT Coordination Center (CERT/CC) in its advisory.
Has Netgear fixed it?
The report said that the company was still working on a firmware fix for the vulnerability. A beta version of the firmware fix is available but it has not been fully tested and may not work on all users.
What is the solution?
Though there is no practical solution for the issue, CERT has recommended this workaround:
The very vulnerability that exists on affected routers may be used to temporarily disable the vulnerable web server until the device is restarted:
http://ROUTER_IP/cgi-bin/;killall$IFS'httpd'
Note that after performing this step, your router's web administration will not be available until the device is restarted.