Netgear wireless routers exposed to hacking flaw

13 Dec 2016

The newly discovered flaw affects one of the most popular Wi-Fi brands on the planet. Image: Zinaida Sopina/Shutterstock

Several popular Netgear Wi-Fi routers are affected by a vulnerability that could allow hackers to easily take them over.

At the weekend, the CERT Software Engineering Institute at Carnegie Mellon University issued a warning that multiple Netgear routers are vulnerable to arbitrary command injection.

This includes Netgear R7000 and R6400 routers, and possibly other models too.

“Netgear R7000, firmware version and possibly earlier, and R6400, firmware version and possibly earlier, contain an arbitrary command injection vulnerability,” researchers warned.

“By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.”

Is there a fix?

CERT said it is unaware of any practical solution to the problem. However, US tech site Ars Technica has described a possible temporary fix.

The exploit is understood to have been first discovered by a researcher who goes by the handle Acew0rm and was apparently brought to the attention of Netgear in August, but no action was taken.

Netgear is a $1.3bn-a-year network equipment company headquartered in San Jose, California. It is one of the biggest Wi-Fi router brands in the world.

CERT rates the flaw as critical and has assigned it a score of 9.3 out of 10 in the Common Vulnerability Scoring System.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years.