Vulnerability in Netgear Router leads to US-CERT Alert to Replace Devices

A Netgear router vulnerability which remained unpatched for approximately 3 months was recently made public, a disclosure which placers users at risk of their devices being exploited by hackers.

The threat is so large that US-CERT issued a strong warning to every user of the devices urging them them to their Netgear routers immediately. The US-CERT Coordination Center located at Carnegie Mellon University attributed a vulnerability rating of 9.3/10 to the Netgear.

A Vulnerability for the Netgear router was publicly revealed by a security annalist identified only by the handle “Acew0rm” on Friday, the 9th December 2016. Acew0rm stated that Netgear was notified of the flaw by him in August 2016, however he never received a reply and no patch for the flaw was developed.

In the aftermath of the revelation, Netgear initially acknowledged that its R6400, R7000, and R8000 routers may be vulnerable, however a researcher using the name “Kalypto” alleged that numerous other Netgear Nighthawk devices are affected by the vulnerability, such as the R7000, R7000P, R7500, R7800, R8500 and R9000 models.

It has been confirmed that the vulnerability permits the remote command execution of Linux commands as a consequence of improper input sanitization in a manner employed by the web-based management interface of the routers. It may be taken advantage of even in circumstances where management interfaces are not in fact exposed to the Internet. Attackers might obtain access to the vulnerable devices by using cross-site request forgery attacks (CSRF).

The only thing required for a router to be compromised is that a user visit a specifically built webpage with commands written into its URL. Should a user visit that webpage, an attacker may issue commands which will then be accepted with no need for any form of authentication.

Netgear subsequently acknowledged that its R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000 routers are indeed vulnerable. Netgear indicated that it was now working on a new production firmware version that would fix the command injection vulnerability. The firmware upgrade is to be issued as quickly as possible.

Netgear also pointed out that a beta version of the firmware can be downloaded by users the for R6400, R7000, and R8000 models of its routers from Netgear’s firmware release page.

Prior to the release of the updated firmware, the advice from US-CERT is that the router should be unplugged and use of it should cease immediately. Moreover, US-CERT stresses that when the fix has been issued, the update should be first downloaded onto a flash drive and applied while the router remains offline.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Emma Taylor

Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on https://twitter.com/defensorum and contact Emma at emmataylor@defensorum.com.
Twitter