1 min read

Netgear routers can be easily exploited, US-CERT warns

Alexandra GHEORGHE

December 12, 2016

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Netgear routers can be easily exploited, US-CERT warns

Several Netgear routers are vulnerable to a command injection flaw and can be remotely hijacked, according to an US-CERT advisory.

Exploiting this vulnerability is trivial”, the advisory reads. “By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers.”

The flaw, discovered by a user going by the Twitter handle Acew0rm, affects models R7000 and R6400 running older and current firmware. US-CERT also added the R8000, firmware version 1.0.3.4_1.1.2, on the list of vulnerable devices.

An exploit leveraging this severe vulnerability has been publicly disclosed, enticing hackers to carry out attacks on the vulnerable aforementioned equipment.

Shodan reports some 2600k Internet-facing Netgear R7000 routers and around 800 R6400 routers, in the US only. Most of them are used by telecom/cable companies.

Source: Shodan
Source: Shodan

US-CERT advises users to stop using the flawed devices, until a fix becomes available. It also recommends a temporary workaround aimed at disabling the web server until the device is restarted.

tags


Author


Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs.

View all posts

You might also like

Bookmarks


loader