Serious Vulnerability in Netgear Routers Lets Attacker Run Code as Root – Update
The US CERT at Carnegie Mellon University warns that Netgear’s R7000 and R6400 routers contain a serious vulnerability that allows a remote attacker to execute arbitrary code as root.
According to the organization, an exploit for the vulnerability is now available, which puts users at risk. It therefore advises against using the routers until a patch is available. Netgear does not appear to have released one yet. ZDNet writes that a spokesperson for the company has not yet responded to questions. The American CERT also reports that the vulnerability can be exploited by having a victim visit a malicious site. An attack is also possible via the local network.
The vulnerability is a command injection flaw, which is present in version 1.0.7.2_1.1.93 of the R7000 firmware and in version 1.0.1.6_1.0.4 of the R6400 firmware. It may also be present in earlier versions, according to the CERT. In addition, it cannot be ruled out that other router models are also vulnerable.
Vulnerabilities in routers recently left a million Germans without internet. The failure of the routers was later attributed to the Mirai malware, which rendered the devices inoperable but did not infect them.
Update, 12-12: In the absence of a patch, a temporary workaround is available. It disables the web server until the router is restarted. Netgear has reported the vulnerability in a security advisory, but has not yet announced a patch.