Jump to content
Login new information ×
Login new information

Updated Information - Netgear 6400 - 7000 - 8000 Flaws

straycat19

By straycat19
in Security & Privacy News

Recommended Posts

straycat19

straycat19

Posted
Posted

UPDATED INFORMATION ON FLAW

 

Carnegie Mellon University's CERT has released an advisory warning of an arbitrary command injection vulnerability in Netgear routers. The flaw could be exploited to run commands with root privileges. Code that can be used to exploit the vulnerability has been publicly released. CERT recommends that "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available." The issue affects Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier and Netgear R6400, firmware version 1.0.1.12_1.0.11 and possibly earlier. Community reports indicate R8000, firmware version 1.0.3.4_1.1.2 is also vulnerable.

 

Original Information:

 

An advisory posted on Friday in Carnegie Mellon University's public vulnerability database (CERT) said that Netgear's R7000 and R6400 routers, running current and recent firmware respectively, are vulnerable to an arbitrary command injection flaw.

 

If exploited, the vulnerability could let an unauthenticated attacker run commands with root privileges.

 

The code to exploit the vulnerability -- effectively just a URL -- has been released publicly, allowing anyone to carry out attacks.

 

An attacker would have to trick a user into visiting a website that contains the code, such as an invisible web frame, to exploit the flaw. Adding commands to the router's IP address can open up ports on the router, such as Telnet.

 

The advisory said that other router models may be vulnerable.

 

CERT advised users to "strongly consider discontinuing use" of the devices until a fix is made available.

 

It's not clear how many users are affected by the flaw. A Netgear spokesperson did not respond to a request for comment at the time of writing.

 

Router flaws are increasingly being exploited by attackers, who use vulnerabilities to launch large-scale distributed denial-of-service (DDoS) attacks to flood and overload networks with traffic.

 

Last week, almost a million users across Europe were thrown off the internet after criminals tried to hijack home routers as part of a coordinated cyber attack.

 

Source

 

 

 

Link to comment
Share on other sites
  • Views 489
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...