{"id":191412,"date":"2016-12-12T08:02:52","date_gmt":"2016-12-12T06:02:52","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=191412"},"modified":"2016-12-12T08:04:17","modified_gmt":"2016-12-12T06:04:17","slug":"multiple-netgear-routers-are-vulnerable-to-command-injection","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/hardware\/191412-multiple-netgear-routers-are-vulnerable-to-command-injection.html","title":{"rendered":"Multiple Netgear routers are vulnerable to command injection"},"content":{"rendered":"<p>Multiple Netgear routers are vulnerable to an arbitrary command injection and users have been advised to discontinue the use of affected devices until a fix is made available.<\/p>\n<p>Cert, Carnegie Mellon University, and Software Engineering institute maintains a <a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/582384\" target=\"_blank\"><strong>Vulnerability Notes Database<\/strong><\/a> which provides information about software vulnerabilities.<\/p>\n<p>They warned that Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability.<\/p>\n<p>\u201cBy convincing a user to visit a specially-crafted website, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.&#8221;<\/p>\n<p>\u201cA LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:\/\/&lt;router_IP&gt;\/cgi-bin\/;COMMAND,\u201d it said.<\/p>\n<p>An exploit leveraging this vulnerability has been publicly disclosed.<\/p>\n<p>Community reports indicate the R8000, firmware version 1.0.3.4_1.1.2, is also vulnerable. Other models may also be affected.<\/p>\n<p>Users of these routers should consider discontinuing their use until a fix is available.<\/p>\n<h3 class=\"my-4\">Now read:\u00a0<a href=\"https:\/\/mybroadband.co.za\/news\/wireless\/177427-netgear-orbi-wi-fi-system-south-african-pricing.html\">Netgear Orbi Wi-Fi system \u2013 South African pricing<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Multiple Netgear routers are vulnerable to an arbitrary command injection and users have been advised to discontinue the use of the affected devices.<\/p>\n","protected":false},"author":23,"featured_media":191414,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,16],"tags":[36,24264],"class_list":["post-191412","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hardware","category-software","tag-active","tag-netgear"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/191412"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=191412"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/191412\/revisions"}],"predecessor-version":[{"id":191424,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/191412\/revisions\/191424"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/191414"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=191412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=191412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=191412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}