Several popular Netgear Wi-Fi routers are affected by a vulnerability that could allow hackers to easily take them over.
At the weekend, the CERT Software Engineering Institute at Carnegie Mellon University issued a warning that multiple Netgear routers are vulnerable to arbitrary command injection.
This includes Netgear R7000 and R6400 routers, and possibly other models too.
“Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.12_1.0.11 and possibly earlier, contain an arbitrary command injection vulnerability,” researchers warned.
“By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.”
Is there a fix?
CERT said it is unaware of any practical solution to the problem. However, US tech site Ars Technica has described a possible temporary fix.
The exploit is understood to have been first discovered by a researcher who goes by the handle Acew0rm and was apparently brought to the attention of Netgear in August, but no action was taken.
Netgear is a $1.3bn-a-year network equipment company headquartered in San Jose, California. It is one of the biggest Wi-Fi router brands in the world.
CERT rates the flaw as critical and has assigned it a score of 9.3 out of 10 in the Common Vulnerability Scoring System.