There is a dangerous flaw in at least two popular, higher-end Netgear routers which is easy to exploit and could allow an attacker to potentially crack the device and take full control over it.
The vulnerability affects the popular Netgear R7000 Nighthawk router and the R6400 model, according to US-CERT (Computer Emergency Readiness Team), and is of the command injection variety.
The exploit can be leveraged simply by using a website which the user is tricked into visiting (possibly via a shortened URL link, for extra sneakiness in terms of obscuring the probably suspicious-looking address). And it can be facilitated over a LAN just by issuing a direct request, CERT notes.
The exploit has been confirmed in the Netgear R7000, firmware version 220.127.116.11_1.1.93, and the R6400, firmware version 18.104.22.168_1.0.4 – and also potentially earlier versions of these routers’ firmware.
It may also affect other Netgear models, but that’s unconfirmed at the moment. CERT reckons that the R8000, firmware version 22.214.171.124_1.1.2, is affected, and as Neowin (opens in new tab) reports Reddit users are stating this is the case.
Although another user on that Reddit thread (opens in new tab) tried the exploit out against their R6220 router and found that it wasn’t vulnerable. So the issue certainly doesn’t affect every model, and it’s unclear how widespread the problem is at this point.
However, the bad news is that CERT says it’s unaware of any ‘practical solution’ to this flaw, and recommends: “Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.”
Nasty indeed. Hopefully Netgear will be working on a fix pronto given the situation, although CERT does suggest a potential workaround for the time being – check the advice here (opens in new tab).
If you own one of these Netgear routers and are going to take your chances for now, then obviously bear in mind to be particularly careful about any links you’re sent (although, of course, you should always be vigilant in this respect – particularly when it comes to shortened URLs where the actual address is hidden).
It’s a case of one wrong click and you’ve had it, until this is officially patched.
- Another way of keeping your PC safe is by using the best antivirus software