Your Netgear router could let attackers hack your web traffic

Edward Hudson By: Edward Hudson
2 minute read

Home » News » Your Netgear router could let attackers hack your web traffic

If  you’re using a Netgear router right now, you might want to turn it off for the time being following discovery of a security flaw in various Netgear models. Worse, there’s currently no easy fix for the vulnerability that could give hackers full control of your router.

Netgear reportedly left the security issue unattended for months, leaving thousands of home networking devices exposed to attacks. Now, Netgear issued a temporary fix for some router models. While at that, the delay still highlights the risk facing the Internet of Things and the difficulty to patch it.

Fix remains unstable

The patches are still in beta and apply only to select models. In addition, Netgear acknowledged the limitations of the fixes as the company has yet to test the patch. What adds insult to injury is users themselves have to manually install the firmware since Netgear is unable to roll out an over-the-air update.

Security researcher Andrew Rollins, who goes by the Twitter handle Acew0rm, alerted Netgear to the flaw back in August, but received only a cold shoulder from the company. Three months later, Rollins decided to make the vulnerability public. This prompted the Department of Homeland Security’s CERT group to release an advisory about the flaw. CERT stated:

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.”

Affected devices include Netgear R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 routers, as well as other models that could be exposed to arbitrary command injection. The security vulnerability could let unauthenticated web pages gain access to the command-line and execute malicious commands. In turn, this could provide hackers the ability to take over an entire system.

“By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers,” CERT said.

The number of affected routers, however, remains unclear. The exploit has gone public, so it’s easy to assume a large swath of Netgear devices are currently at risk.

Read also:

Discussions

Next up

7 best antimalware tools for Windows 10 to block threats in 2019

Elsie Otachi By: Elsie Otachi
7 minute read

As long as you have a computer or smart devices, whether at home or in business, you’ve got to constantly resolve to get rid of […]

Continue Reading

Windows 10 Start Menu lets you remove more pre-installed apps

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Microsoft is planning to add some major changes to the Start Menu as a part of Windows 10 May 2019 Update coming next month. The […]

Continue Reading

Windows 10 Chromium ARM64 vs. X86: Which one is better?

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Recent reports suggest that there is a huge difference in processor usage between Windows 10 on ARM and the emulated x86 version.  It seems like […]

Continue Reading