Netgear landed itself on hot water again after three of its routers were found to have serious security vulnerabilities. According to experts, the peripherals can easily succumb to basic attacks, allowing hackers to take full control not only of the router but also those connected devices and obtain sensitive data.
The affected Netgear routers include R8000, R7000, and R6400. If you own any of these devices, experts warned that you must stop using it until a fix has been released.
Netgear Router Exploit
The vulnerability has been validated by the U.S. Computer Emergency Readiness Team (CERT), a federally supported agency tasked with coordinating response to software vulnerabilities.
"By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers," CERT stated in an advisory issued last Dec. 9.
This was demonstrated by a researcher who calls himself Acew0rm. He created an exploit and posted it online with an innocent-looking web link. Once clicked, it injects a command that the router run as root. This opened the device to a series of powerful shell commands. The vulnerability is largely anchored on the Netgear routers' inability to address malicious commands masquerading as web URLs.
Response To Router Vulnerability
Netgear, for its part, has confirmed the compromised routers. In a published statement, the company assured its consumers that it is working to address the problem.
"It is Netgear's mission to be the innovative leader in connecting the world to the internet," the company said. "To achieve this mission, we strive to earn and maintain the trust of those that use Netgear products for their connectivity."
The statement has been brief, and it did not clarify whether there are other routers affected such as the Netgear X10. CERT maintained that while R8000, R7000, and R6400 are confirmed to be at risk for now, other models are possibly affected as well.
Temporary Router Vulnerability Fix
A temporary fix has been identified, and it will work until the router has been rebooted. This involves the exploitation of the vulnerability itself via a command that disables the router's web server. This can be done by clicking a simple link: (https://[router-address]/cgi-bin/;killall$IFS'httpd'). If you would like to try this for your device, simply replace the router address with the router's local IP address.
Again, this is not a permanent fix. The problem will again resurface once the router gets rebooted. This means that its web server has also been enabled again.
One should also note that thousands of Netgear routers have been previously compromised due to a security hole. That problem has been patched October last year by an update, so Netgear is expected to roll out an update that can fix compromised devices in the coming days.
