Users told to switch off their Netgear routers after discovery of “gaping security hole”


Security experts have discovered a massive vulnerability in a number of Netgear routers.

The flaw, experts say, could let hackers remotely access your device without you knowing.

According to experts at CERT, Netgear router models R6250, R6400, R7000, R7100LG, R7300, R7900 and R8000 are affected, but many more models could also be at risk.

Experts claim the potential hack is very easy to carry out and have advised all users to switch off their Netgear router until a security patch is released.

In a statement issued late Monday, Netgear confirmed the vulnerability, adding that they are investigating the situation.

The experts who discovered the vulnerability say that Netgear routers are “vulnerable to arbitrary command injection.”

This means that users can easily fall victim if hackers send them a malicious link that could then be used to take complete control of their device.

Netgear R7000

“By convincing a user to visit a specially crafted web site, a remote authenticated attacker may execute arbitrary commands with root privileges on affected routers,” said experts at the CERT Division of the Software Engineering Institute at Carnegie Mellon University.

With no solution yet found for the problem, the only advice to users is to stop using their Netgear routers.

“Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available”, experts at CERT said.

The issue was first reported on Friday but it wasn’t until Monday that Netgear issued the following statement:

“Netgear has recently become aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface.”

“A remote hacker can potentially inject arbitrary commands which are then executed by the system”.

“Netgear is investigating and will update this article once we have more information.”

Via: Naked Security

