CERT advises users to ‘discontinue use’ of two Netgear routers due to major security flaw
December 10, 2016 – 7:32 PM
In a major setback for Netgear, it appears that at least two of its high-end routers may contain a severe security flaw, according to an advisory issued by CERT.
The vulnerability itself is incredibly easy to leverage and simply relies upon accessing a specially crafted URL in the following format from the local network:
http://<router_IP>/cgi-bin/;COMMAND
The above will result in a command injection attack via the router’s web interface which will execute arbitrary commands with root privileges. Notably, the attack can be initiated remotely by an attacker who manages to fool a local user into clicking on a malicious URL hidden behind a shortened link. Otherwise, a nefarious user already on the local network can craft and visit a URL of their choice in order to achieve the same outcome.
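A defender can look for this URL shape in web proxy or gateway logs. The following is an added example, not part of the original article or the CERT advisory: it assumes a simple constructed log format (timestamp, client IP, URL), assumes the router is addressed by a literal RFC 1918 IP, and uses the article's own COMMAND placeholder in the sample lines.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Constructed proxy log lines (timestamp, client, URL); not real traffic.
SAMPLE_LOG = """\
2016-12-10T19:02:11 10.0.0.23 http://192.168.1.1/cgi-bin/;COMMAND
2016-12-10T19:02:40 10.0.0.23 http://192.168.1.1/cgi-bin/%3BCOMMAND
2016-12-10T19:03:05 10.0.0.31 http://192.168.1.1/index.html
2016-12-10T19:04:17 10.0.0.31 http://203.0.113.7/cgi-bin/;COMMAND
"""

PREFIX = "/cgi-bin/"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local_host(host):
    """True when host is a literal RFC 1918 address (hostnames are not resolved)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def check_url(url):
    """Return the text after '/cgi-bin/;' if the URL fits the pattern, else None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:
        return None  # unparseable URL
    if parts.scheme not in ("http", "https") or not is_local_host(host):
        return None
    path = unquote(parts.path)  # decode so that %3B is seen as ';'
    if path.startswith(PREFIX + ";"):
        return path[len(PREFIX) + 1:]
    return None


def scan(log_text):
    """Return (timestamp, client, injected_text) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue  # skip malformed lines
        injected = check_url(fields[2])
        if injected is not None:
            hits.append((fields[0], fields[1], injected))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The client IP in each hit identifies the local machine whose browser issued the request, which is the host to examine for the malicious link described above.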
So far, the two routers that have been confirmed to be susceptible to this vulnerability are:
- Netgear R6400 with firmware version 220.127.116.11_1.0.4 (and possibly earlier)
- Netgear R7000 with firmware version 18.104.22.168_1.1.93 (and possibly earlier)
While unconfirmed by CERT, one Reddit user indicated that their Netgear R8000 router was also affected by the flaw, which means that the list of impacted hardware may well expand over the coming days.