Netgear customers warned to stop using flawed routers

Netgear identifies at least eight router models affected by remote access bug

Customers using Netgear home routers have been urged to switch them off, after a number of models were found to contain a vulnerability that could let hackers gain remote access.

Security researchers at Carnegie Mellon University in Pennsylvania found eight models of Netgear routers had a security flaw that could allow hackers to gain access to a home network and any connected devices with relative ease.

The flaw, known as #582384, was initially found in R7000, R6400 and R8000 routers, but Netgear has since confirmed the vulnerability is also affecting R6250, R6700, R7300 and R7900 routers. Netgear is currently testing all of its router models for the "command injection vulnerability", and it is possible more are affected.

"By convincing a user to visit a specially crafted website, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers," said the researchers. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available."

Advertisement
Advertisement - Article continues below

By clicking a malicious link, users can inadvertently give hackers full control over a router, giving access to a full list of internet traffic on the network, which may include personal details and login information.

Netgear has said it is working on a firmware version that will fix the command injection vulnerability, although there is no specific release date.

"Netgear is continuing to review our entire portfolio for other routers that might be affected by this vulnerability," said Netgear in a blog post. "If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well."

A beta version of updated firmware is currently available for R6400, R7000 and R8000 routers, although Netgear warned that these updates have not been fully tested and may not work for all users. Additional beta updates will be made available for the other models in the coming days, so make sure to keep an eye on Netgear's security blog.

Picture: Netgear's Nighthawk Smart WiFi router, R7000 model

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019