Your Netgear router could let attackers hack your web traffic

Edward Hudson By: Edward Hudson
2 minute read

Home » Your Netgear router could let attackers hack your web traffic

If  you’re using a Netgear router right now, you might want to turn it off for the time being following discovery of a security flaw in various Netgear models. Worse, there’s currently no easy fix for the vulnerability that could give hackers full control of your router.

Netgear reportedly left the security issue unattended for months, leaving thousands of home networking devices exposed to attacks. Now, Netgear issued a temporary fix for some router models. While at that, the delay still highlights the risk facing the Internet of Things and the difficulty to patch it.

Fix remains unstable

The patches are still in beta and apply only to select models. In addition, Netgear acknowledged the limitations of the fixes as the company has yet to test the patch. What adds insult to injury is users themselves have to manually install the firmware since Netgear is unable to roll out an over-the-air update.

Security researcher Andrew Rollins, who goes by the Twitter handle Acew0rm, alerted Netgear to the flaw back in August, but received only a cold shoulder from the company. Three months later, Rollins decided to make the vulnerability public. This prompted the Department of Homeland Security’s CERT group to release an advisory about the flaw. CERT stated:

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.”

Affected devices include Netgear R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 routers, as well as other models that could be exposed to arbitrary command injection. The security vulnerability could let unauthenticated web pages gain access to the command-line and execute malicious commands. In turn, this could provide hackers the ability to take over an entire system.

“By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers,” CERT said.

The number of affected routers, however, remains unclear. The exploit has gone public, so it’s easy to assume a large swath of Netgear devices are currently at risk.

Read also:

Discussions

Next up

How to install a Virtual Private Network on Windows Server 2019

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
2 minute read

Using a VPN on your Windows Server has a lot of advantages for all parties included and it allows users in a small environment access to […]

Continue Reading

This is how you can fix Windows 10 ODBC issues

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
3 minute read

ODBC is quite useful for application access routines, especially for professional users. And, seemingly, there are a plethora of issues for Windows 10 users who […]

Continue Reading

Microsoft might update Windows 10 to enable custom quick actions

Matthew Adams By: Matthew Adams
2 minute read

The Windows 10 Action Center includes Quick Action buttons that provide shortcuts for adjusting settings. For example, users can press the Tablet mode button to […]

Continue Reading