Vulnerability Found In Some Netgear Routers Has CERT Warning Consumers Strongly To Discontinue Use

Last week, we brought you information about a relatively easy-to-exploit vulnerability in professional-grade Sony cameras. Now, Netgear is the latest high-profile tech company that is coming under fire for a potentially dangerous exploit that was first reported over four months ago.

The vulnerability, labeled VU#582384 by Carnegie Mellon University’s CERT, allows “arbitrary command injection” on Netgear’s R7000 and R6400 routers (using firmware 1.0.7.2_1.1.93 and 1.0.1.6_1.0.4 respectively). According to CERT, it’s possible that earlier firmware versions for these two routers are also susceptible to attacks.


The attack is carried out by enticing a user to visit a specially crafted website, after which commands are issued to the router. The routers can also be directly exploited via a LAN connection by entering the following address: http://<router_IP>/cgi-bin/;COMMAND.
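A defensive check for the request pattern described above, as an added example that is not part of the original article: it scans proxy or gateway logs for requests to /cgi-bin/; aimed at a device on the local network. The log format, the sample lines and the routerlogin.net hostname entry are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed sample log, assumed format: "<client_ip> <method> <url>"
SAMPLE_LOG = """\
192.168.1.23 GET http://192.168.1.1/cgi-bin/;COMMAND
192.168.1.23 GET http://192.168.1.1/start.htm
192.168.1.40 GET http://192.168.1.1/cgi-bin/%3BCOMMAND
192.168.1.40 GET http://example.com/cgi-bin/;COMMAND
192.168.1.52 GET http://routerlogin.net/cgi-bin/;COMMAND
192.168.1.52 GET http://192.168.1.1/cgi-bin/status.cgi
"""

def is_injection_path(path):
    """True if the path is /cgi-bin/ followed directly by ';' (VU#582384 pattern)."""
    prev = None
    while prev != path:  # decode until stable to catch %3B and %253B
        prev, path = path, unquote(path)
    return re.match(r"^/cgi-bin/+;", path, re.IGNORECASE) is not None

def targets_local_device(host, router_names):
    """True for private addresses or hostnames configured as the router's."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return host.lower() in router_names

def scan(log_text, router_names=frozenset({"routerlogin.net"})):
    """Return (line_number, client, url) for each suspicious request."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        client, _method, url = parts
        u = urlsplit(url)
        if (u.hostname and targets_local_device(u.hostname, router_names)
                and is_injection_path(u.path)):
            hits.append((n, client, url))
    return hits

if __name__ == "__main__":
    for n, client, url in scan(SAMPLE_LOG):
        print(f"line {n}: client {client} requested {url}")
```

A hit identifies the LAN client whose browser issued the request, which is the machine to look at first when tracing which website triggered it.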

Twitter user Acew0rm posted a video showing a proof of concept for the Netgear exploit.

Acew0rm explains that he first contacted Netgear over four months ago about the exploit, and never once heard a response from the company. So, the hacker took matters into his own hands by making the vulnerability public. “I’ve forgot about this because I thought this was very stupid. I didn’t think it was going to this big and I thought they were going to instantly patch it.”

According to CERT, there is currently no “practical solution” for the exploit given that Netgear never bothered to respond to Acew0rm. Users of the R8000, R7000 and R6400 are encouraged to stop using the routers immediately until Netgear can remedy the problem with a firmware update.

While it might not be feasible for you to discontinue use of your router right now, we’d highly suggest that you be careful about the sites you visit in the meantime and register your router with Netgear so that you can automatically be notified about new firmware updates.

Brandon Hill
