Netgear wireless routers exposed to hacking flaw

13 Dec 2016

The newly discovered flaw affects one of the most popular Wi-Fi brands on the planet. Image: Zinaida Sopina/Shutterstock

Several popular Netgear Wi-Fi routers are affected by a vulnerability that could allow hackers to easily take them over.

At the weekend, the CERT Software Engineering Institute at Carnegie Mellon University issued a warning that multiple Netgear routers are vulnerable to arbitrary command injection.

This includes Netgear R7000 and R6400 routers, and possibly other models too.

“Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.12_1.0.11 and possibly earlier, contain an arbitrary command injection vulnerability,” researchers warned.

“By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.”

Is there a fix?

CERT said it is unaware of any practical solution to the problem. However, US tech site Ars Technica has described a possible temporary fix.

The exploit is understood to have been first discovered by a researcher who goes by the handle Acew0rm and was apparently brought to the attention of Netgear in August, but no action was taken.

Netgear is a $1.3bn-a-year network equipment company headquartered in San Jose, California. It is one of the biggest Wi-Fi router brands in the world.

CERT rates the flaw as critical and has assigned it a score of 9.3 out of 10 in the Common Vulnerability Scoring System.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years.
