Your Netgear router could let attackers hack your web traffic

Edward Hudson By: Edward Hudson
2 minute read

Home » News » Your Netgear router could let attackers hack your web traffic

If  you’re using a Netgear router right now, you might want to turn it off for the time being following discovery of a security flaw in various Netgear models. Worse, there’s currently no easy fix for the vulnerability that could give hackers full control of your router.

Netgear reportedly left the security issue unattended for months, leaving thousands of home networking devices exposed to attacks. Now, Netgear issued a temporary fix for some router models. While at that, the delay still highlights the risk facing the Internet of Things and the difficulty to patch it.

Fix remains unstable

The patches are still in beta and apply only to select models. In addition, Netgear acknowledged the limitations of the fixes as the company has yet to test the patch. What adds insult to injury is users themselves have to manually install the firmware since Netgear is unable to roll out an over-the-air update.

Security researcher Andrew Rollins, who goes by the Twitter handle Acew0rm, alerted Netgear to the flaw back in August, but received only a cold shoulder from the company. Three months later, Rollins decided to make the vulnerability public. This prompted the Department of Homeland Security’s CERT group to release an advisory about the flaw. CERT stated:

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.”

Affected devices include Netgear R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 routers, as well as other models that could be exposed to arbitrary command injection. The security vulnerability could let unauthenticated web pages gain access to the command-line and execute malicious commands. In turn, this could provide hackers the ability to take over an entire system.

“By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers,” CERT said.

The number of affected routers, however, remains unclear. The exploit has gone public, so it’s easy to assume a large swath of Netgear devices are currently at risk.

Read also:

Discussions

Next up

KB4487011 and KB4487006 fix unresponsive app issues

Rabia Noureen avatar. By: Rabia Noureen
4 minute read

Microsoft recently released Windows 10 cumulative updates KB4487006, KB4487011, KB4487021, and KB4487029  addressing non-security bugs in the operating system. The company aims to enhance the reliability of […]

Continue Reading

Windows was unable to install your Android [FIX IT NOW]

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
4 minute read

Installing Android drivers on a PC should be a walk in a park. You connect your handset with the PC via the USB cable and, […]

Continue Reading

5 ways to fix NOX emulator lag issues that really work

Daniel Segun By: Daniel Segun
6 minute read

Do you have NOX installed on your PC? Are you experiencing any form of lag while running it? This article is specially designed for you! […]

Continue Reading