Tweaker publishes workaround for vulnerability in Netgear routers
Tweaker 'sjvs' has published a workaround on his own blog that temporarily makes vulnerable Netgear routers safe. On Friday, it emerged that some models, including the R7000 and R6400, are vulnerable to command injection.
On his blog, sjvs writes that his solution is to disable the web server process of the routers. As a result, it is no longer possible to take advantage of the vulnerability, which allows an attacker to execute arbitrary code as root. Netgear has not yet released a patch for the vulnerability. The workaround lasts only until the router is restarted, because the web server process then starts again. The American CERT advised on Friday not to use the routers until a patch is available.
The blog post also describes how users can find out if their router is vulnerable. The original warning stated that the R7000 and R6400 models are vulnerable, but other models may be affected. For example, after the original report was published, a tweaker determined that his X6 R8000 also contains the vulnerability. Netgear confirms this finding in a security advisory.
The workaround is to visit the URL http://xxx.xxx.xxx.xxx/cgi-bin/;killall$IFS'httpd', where the x's stand for the IP address of the router on its own local network. This address can be found by visiting routerlogin.net, for example.
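Because the workaround is lost on every restart, it helps to script it together with a check of whether the web server is running again. The following is an added example, not code from sjvs's blog post; the function names, the private-address check, the default address and the use of TCP port 80 are assumptions made here.

```python
import http.client
import ipaddress
import socket
import sys
import time
import urllib.request

# Path taken from the article; it stops the router's httpd process.
WORKAROUND_PATH = "/cgi-bin/;killall$IFS'httpd'"


def workaround_url(router_ip):
    """Build the workaround URL, accepting only a private (LAN) IPv4 address."""
    addr = ipaddress.ip_address(router_ip)  # ValueError if not an IP literal
    if addr.version != 4 or not addr.is_private:
        raise ValueError(f"{router_ip} is not a private IPv4 address")
    return f"http://{addr}{WORKAROUND_PATH}"


def web_server_listening(router_ip, port=80, timeout=3.0):
    """Return True if something accepts TCP connections on the web port."""
    try:
        with socket.create_connection((router_ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def apply_workaround(router_ip, settle=2.0):
    """Request the URL once, then report whether the web server is now down."""
    url = workaround_url(router_ip)
    try:
        urllib.request.urlopen(url, timeout=5).close()
    except (OSError, http.client.HTTPException):
        pass  # likely: httpd stops before it can send a complete response
    time.sleep(settle)
    return not web_server_listening(router_ip)


if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed default
    if web_server_listening(ip):
        print("web server stopped" if apply_workaround(ip) else "still running")
    else:
        print("web server not reachable: workaround still in effect, or wrong IP")
```

Running it again after a restart (for example from a scheduled task on a machine inside the network) reapplies the workaround whenever the web server has come back.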