CATEGORIES
home News

Vulnerability Found In Some Netgear Routers Has CERT Warning Consumers Strongly To Discontinue Use

by Brandon HillSunday, December 11, 2016, 01:53 PM EDT
Last week, we brought you information about a relatively easy-to-exploit vulnerability in professional-grade Sony cameras. Now, Netgear is the latest high-profile tech company that is coming under fire for a potentially dangerous exploit that was first reported over four months ago.

The vulnerability, labeled VU#582384 by Carnegie Mellon University’s CERT, allows “arbitrary command injection” on Netgear’s R7000 and R6400 routers (using firmware 1.0.7.2_1.1.93 and 1.0.1.6_1.0.4 respectively). According to CERT, it’s possible that earlier firmware for these two routers are also susceptible to attacks.

netgear r7000

The attack is carried out by enticing a user to visit a specially made website, after which commands are issued to the router. The routers can also be directly exploited via a LAN connection by entering in the following address: http://<router_IP>/cgi-bin/;COMMAND.

Twitter user Acew0rm posted a proof of concept for the Netgear exploit in the video below:

Acew0rm explains that he first contacted Netgear over four months ago about the exploit, and never once heard a response from the company. So, the hacker took matters into his own hands by making the vulnerability public. “I’ve forgot about this because I thought this was very stupid. I didn’t think it was going to this big and I thought they were going to instantly patch it.”

According to CERT, there is currently no “practical solution” for the exploit given that Netgear never bothered to respond to Acew0rm. Users of the R8000, R7000 and R6400 are encouraged to stop using the routers immediately until Netgear can remedy the problem with a firmware update.

While it might not be feasible for you to discontinue use of your router right now, we’d highly suggest that you be careful of sites that you visit during the mean time and register your router with Netgear so that you can automatically be notified about new firmware updates.

Tags:  Netgear, Router, R7000, (NASDAQ:NTGR), CERT, r6400, r8000
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment