CERT Warns Customers of Vulnerability Found in Netgear Routers

/ 7 years ago

netgear-intro

Netgear is just the latest of many high-profile companies to come under fire from security watchdogs and due to severe security holes that go unpatched. When such a security flaw is situated in your router, then it’s even worse since the router is the door into your home. The exploit in question was first disclosed over four months ago, but it has yet to be acknowledged by Netgear and patched. As a direct result of this, CERT has warned customers strongly to discontinue the use of the affected router models – if at all possible. It isn’t everyone that has spare routers laying around for cases like this.

The vulnerability, labeled VU#582384 by Carnegie Mellon University’s CERT, allows “arbitrary command injection” on Netgear’s R7000 and R6400 routers (using firmware 1.0.7.2_1.1.93 and 1.0.1.6_1.0.4 respectively). According to CERT, it’s also possible that earlier firmware versions for these two routers could be affected and thereby also vulnerable to attacks.

The attack is carried out by enticing a user to visit a specially made website, after which commands are issued to the router. The routers can also be directly exploited via a LAN connection by entering a very simple address that I won’t share here. There’s no need to spread the how-to even further. The Twitter-user Acew0rm also posted a proof of concept for the Netgear exploit in an online video.

Acew0rm explained that he first contacted Netgear about the issue over four months ago and never even got a response back from the company and that’s the reason for the video and publication of the information. “I’ve forgotten about this because I thought this was very stupid. I didn’t think it was going to this big and I thought they were going to instantly patch it.”

According to CERT, there is currently no solution for the problem which is why they recommend and encourage users of the Netgear R8000, R7000 and R6400 routers to stop using them immediately and until Netgear can remedy the problem with a firmware update.
Topics: , , , , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.
eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch

  • Features

    Computex CES
    Fun Reads eTeknix Deals

Send this to a friend
})