CERT warns against using several Netgear routers until a security fix is issued

kemical

Windows Forum Admin
Staff member
Premium Supporter
Netgear has published a security advisory noting that a handful of popular router models made by Netgear are affected by a serious security vulnerability that could allow remote hackers to take control.

"Netgear has recently become aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system," Netgear said in the security advisory.

Netgear added that it is investigating the security flaw, which it confirmed might affect at least three models, those being the R8000 (Nighthawk x6), R7000 (Nighthawk AC1900), and R6400 (AC1750 Smart).

A Temporary solution:

While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13th.

To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:


References:
CERT warns against using several Netgear routers until a security fix is issued | PC Gamer

Security Advisory for VU 582384 | Answer | NETGEAR Support
 
Seems like Netgear and DLink suffer from this a lot. I wouldn't doubt other vendor firmwares are also just as buggy though.
 
I'd agree with you on that. Most electronic and tech manufacturers go to the same sources for their parts and software. So it's no surprise that vulnerabilities like this on a mass scale across brands happens.

Galaxy S7 Edge
 
An update to this, there are actually more confirmed models affected by the vulnerability and supposedly Netgear has released a beta firmware update to address this.
 
supposedly Netgear has released a beta firmware update to address this.
Indeed they have and it's included in my Post above:

A Temporary solution:

While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13th.
 
Back
Top