Netgear has published a security advisory noting that a handful of its popular router models are affected by a serious security vulnerability that could allow remote hackers to take control of them.
"Netgear has recently become aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system," Netgear said in the security advisory.
Netgear added that it is investigating the security flaw, which it confirmed might affect at least three models: the R8000 (Nighthawk X6), R7000 (Nighthawk AC1900), and R6400 (AC1750 Smart).
A temporary solution:
While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.
Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13th.
To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:
References:
CERT warns against using several Netgear routers until a security fix is issued | PC Gamer
Security Advisory for VU 582384 | Answer | NETGEAR Support