Netgear has released firmware updates to solve an issue that was found in several router models. A vulnerability was discovered last Friday that could allow routers to be exploited by hackers. In response, the manufacturer has released a patch.
A researcher announced the security flaw last week. At first it was believed the vulnerability affected three Netgear router models.
However, it was later found that the following router models can be exploited: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000.
Netgear points out that it is still investigating the vulnerability, so more routers may be affected. While a firmware update is now available, it is only for the R6400, R7000, and R8000. That means five routers are still at risk from the problem.
The company says it is working on a patch to fix all of the affected routers:
“This beta firmware has not been fully tested and might not work for all users,” the company says in an advisory published Tuesday. “NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.”
CERT Coordination Center Rating
The flaw could let hackers execute arbitrary shell commands on the affected Netgear routers by sending malicious HTTP requests. Because a simple crafted URL could be enough to grant access, the vulnerability is both dangerous and easy to exploit.
As a consequence, the U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the vulnerability as critical. On the Common Vulnerability Scoring System (CVSS), the center gave the flaw a 9.3 out of 10.
While there was no solution, CERT advised Netgear to discontinue the two routers. The company does not think that is necessary, especially with firmware updates inbound.