PSA: Some Netgear Routers Have a Security Vulnerability That Can Be Easily Exploited, Here’s How to Check Your

Posted on by

Netgear has confirmed that several of its routers, including the R7000, R6400, and R8000, have security issues that could allow someone to take control of your router if you hit a malicious URL.

The infected routers included several of Netgear’s most popular models, including the “Nighthawk” series. Netgear has only confirmed three models, but others suggest the R7500, R7800, R8500, and R9000 are affected as well. Netgear is working on a patch to fix this, but until there is an official solution, you can check your vulnerability and fix it yourself. Data scientist Bas van Schaik explained the details :

  1. Check your router for vulnerability by going to http://[router-address]/cgi-bin/;uname$IFS-a in your browser (replacing [router-address] with your router’s IP address). If this page displays anything other than an error or a blank page, it is affecting your router.
  2. If this is affected, you can end a web server process that you can use. However, this will kill the web config interface on your router until you reboot it. It shouldn’t matter much if you don’t go to your router’s management tool often. If you’re happy with that, put it in the URL http://[router-address]/cgi-bin/;killall$IFS'httpd' your browser: http://[router-address]/cgi-bin/;killall$IFS'httpd' and then go back to the url at the http://[router-address]/cgi-bin/;killall$IFS'httpd' step to make sure it works. …

If you restart the router, the vulnerability reopens, but at least this is a temporary fix until Netgear releases an official patch. The only way someone could take advantage of this is if they send you a malicious link and you follow that link, which is unlikely, but if you have one of these routers, it’s still probably better to play it safe than sorry. …

Update: Netgear has released beta firmware for the R7000 and the rest of its lineup, if you don’t mind going through the beta ( thanks for pointing that out, Fritzo ).

Experts warn to stop using Netgear routers with unpatched security bug | Ars Technica

More…

Uncategorized

Leave a Reply