HomeWinBuzzer NewsNetgear Issues Firmware Update for Security Risk Routers

Netgear Issues Firmware Update for Security Risk Routers

Netgear has a new firmware update to solve a vulnerability in three routers of eight found to be at risk from hacker exploits. The flaw allows hackers to access a router via a malicious URL and was given a rating of 9.3 out of 10 on the Common Vulnerability Scoring System.

-

Netgear has released firmware updates to solve an issue that was found in several router models. A vulnerability was discovered last Friday that could allow routers to be exploited by . In response, the manufacturer has released a patch.

A researcher announced the security flaw last week. At first it was believed the vulnerability affected three Netgear router models.

However, it was later found that the following router models can be exploited: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000.

Netgear points out that it is still investigating the vulnerability, so more routers may be affected. While a firmware update is now available, it is only for the R6400, R7000, and R8000. That means five routers are still at risk from the problem.

The company says it is working on a patch to fix all of the affected routers:

“This beta firmware has not been fully tested and might not work for all users,” the company says in an advisory published Tuesday. “NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.”

CERT Coordination Center Rating

Hackers could potentially access the affected Netgear routers by executing arbitrary shell commands. This can be achieved via malicious HTTP requests. Because a simple URL crafted by hackers could grant access, this is a dangerous and easy to implement vulnerability.

As a consequence, the U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the vulnerability as critical. On the Common Vulnerability Scoring System (CVSS), the center gave the flaw a 9.3 out of 10.

While there was no solution, CERT advised Netgear to discontinue the two routers. The company does not think that is necessary, especially with firmware updates inbound.

SourceNetgear
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News