Hardware 12.12.2016

Multiple Netgear routers are vulnerable to command injection

Netgear R7000 Nighthawk AC1900

Multiple Netgear routers are vulnerable to an arbitrary command injection and users have been advised to discontinue the use of affected devices until a fix is made available.

CERT, at Carnegie Mellon University's Software Engineering Institute, maintains a Vulnerability Notes Database, which provides information about software vulnerabilities.

CERT warned that the Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and the R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability.

“By convincing a user to visit a specially-crafted website, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.”

“A LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http://<router_IP>/cgi-bin/;COMMAND,” it said.

An exploit leveraging this vulnerability has been publicly disclosed.

Community reports indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable. Other models may also be affected.

Users of these routers should consider discontinuing their use until a fix is available.
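
A defender's check for the request shape CERT describes, added here as an example that is not part of the original article: it scans proxy log lines for URLs whose host is a LAN address and whose decoded path begins with `/cgi-bin/;`. The log layout, the `router.lan` hostname and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in a simple "client method url status" layout
# (an assumption; adapt LINE_RE to your own proxy or gateway log format).
SAMPLE_LOG = """\
192.168.1.23 GET http://192.168.1.1/cgi-bin/;COMMAND 200
192.168.1.23 GET http://192.168.1.1/start.htm 200
192.168.1.40 GET http://192.168.1.1/cgi-bin/%3BCOMMAND 200
192.168.1.40 GET http://router.lan/cgi-bin/;COMMAND 200
192.168.1.51 GET http://example.com/cgi-bin/search;jsessionid=abc 200
192.168.1.51 GET http://10.0.0.1/cgi-bin/status.cgi 200
"""

LINE_RE = re.compile(r"^(?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$")
# Hypothetical local names that resolve to the router on this network.
ROUTER_HOSTS = {"router.lan"}
# The path shape from the advisory: /cgi-bin/ followed directly by ';'.
PATH_RE = re.compile(r"^/+cgi-bin/+;", re.IGNORECASE)


def targets_lan_device(host):
    """True if the URL host is a private address or a known router name."""
    if host.lower() in ROUTER_HOSTS:
        return True
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # ordinary public hostname
        return False


def is_injection_shaped(url):
    """Match the advisory's request shape, including a percent-encoded ';'."""
    parts = urlsplit(url)
    path = unquote(parts.path)  # %3B decodes to ';' before matching
    return targets_lan_device(parts.hostname or "") and bool(PATH_RE.match(path))


def scan(log_text):
    """Return (line number, client, url) for every suspicious request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line.strip())
        if m and is_injection_shaped(m["url"]):
            hits.append((lineno, m["client"], m["url"]))
    return hits


if __name__ == "__main__":
    for lineno, client, url in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} requested {url}")
```

Because the browser-driven variant originates from a LAN client, the client address in each hit identifies the machine whose browsing should be reviewed.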
