At least three versions—and likely more—of Netgear routers remain exposed to a vulnerability that allows an attacker to gain root access on the device and remotely run code.
A researcher who goes by the handle AceW0rm on Friday released details and a proof-of-concept exploit after months of silence from Netgear, which today confirmed the flaw and said it is investigating the report. The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University said in an advisory the vulnerability is simple to exploit.
“Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available,” the advisory said. A request for comment from Netgear was not returned in time for publication.
AceW0rm said he privately disclosed the vulnerability to Netgear in August and decided to publish details last week. A request for further comments from the researcher was not returned in time for publication.
Netgear R8000, R7000 and R6400 routers, and possibly other models, are vulnerable, CERT said. The routers are part of Netgear’s Nighthawk line of home routers. The R7000 routers running firmware version 1.0.7.2_1.1.93 and R6400 devices running firmware version 1.0.1.6_1.0.4 and possibly earlier are vulnerable to the same command injection attack, CERT said.
Meanwhile, a researcher known as Kalypto Pink conducted tests on additional Nighthawk models and found several more vulnerable. Below is Kalypto Pink’s comprehensive list:
“By convincing a user to visit a specially crafted website, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers,” CERT said. “A LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http://<router_IP>/cgi-bin/;COMMAND.”
Users could also disable the router’s webserver temporarily by issuing the command: http://<router_IP>/cgi-bin/;killall$IFS'httpd'. This, however, will leave the router’s management interface unreachable until the router is restarted.
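For defenders who log outbound or LAN web requests, the request shape CERT quotes (a `;` immediately after `/cgi-bin/`) can be searched for directly. The following is an added example, not code from the advisory or either researcher; the `client method url` log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample proxy log lines ("client method url"); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 GET http://192.168.1.1/cgi-bin/;killall$IFS'httpd'
192.0.2.11 GET http://192.168.1.1/cgi-bin/status.cgi?id=1
192.0.2.12 GET http://192.168.1.1/cgi-bin/%3BCOMMAND
192.0.2.13 GET http://example.test/index.html;jsessionid=abc
192.0.2.14 GET http://192.168.1.1/cgi-bin/%253BCOMMAND
"""

# A ';' directly after /cgi-bin/ is the request shape quoted in the advisory.
INJECTION_PATH = re.compile(r"^/cgi-bin/+;(?P<cmd>.*)", re.IGNORECASE)


def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so %3B and %253B both become ';'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_injection_requests(log_text):
    """Return (client, host, command_text, uses_ifs) for each matching line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing
        client, _method, url = parts
        split = urlsplit(url)  # urlsplit keeps ';' inside the path
        match = INJECTION_PATH.match(fully_unquote(split.path))
        if match:
            cmd = match.group("cmd")
            hits.append((client, split.hostname, cmd, "$IFS" in cmd))
    return hits


if __name__ == "__main__":
    for hit in find_injection_requests(SAMPLE_LOG):
        print(hit)
```

A hit whose client is a workstation rather than an administrator's machine is consistent with the "specially crafted website" path CERT describes, since the browser issues the request on the attacker's behalf.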
Kalypto Pink has also published details on a process that can be used to determine if a particular router is vulnerable to attack.