Critical flaw opens Netgear routers to hijacking

Several Netgear router models can be easily hijacked by remote, unauthenticated attackers, CERT/CC has warned on Friday.

The vulnerability that allows this takeover can be exploited by simply convincing users to visit a specially crafted web site or, worse yet, to visit a legitimate site serving specially crafted malicious ads.

“The vulnerability allows execution of Linux commands by simply appending the command to a URL. The commands execute with root privileges (god mode for not tech people),” a researcher that goes by the handle Kalypto Pink has explained.

“This can be used to pop a telnet session, FTP, command your router to attack other computers, or pretty much anything else the malicious user wants to do.”

While the exploit leveraging this vulnerability has been publicly disclosed, the complete list of affected models is still unknown.

CERT/CC says Netgear R7000 (firmware version 1.0.7.2_1.1.93 and possibly earlier), R6400 (firmware version 1.0.1.6_1.0.4 and possibly earlier), and R8000, (firmware version 1.0.3.4_1.1.2) sport the vulnerability. Kalypto Pink says that models R7000P, R7500, R7800, R8500, and R9000 are also vulnerable.

Netgear has yet to confim these claims, as they are still investigating the issue. Firmware updates that address the flaw have not been made available.

CERT/CC advises users of vulnerable devices to either disable the web server each time the device is restarted, or to stop using the device until a fix is released and they can implement it.