Netgear customers warned to stop using flawed routers

Customers using Netgear home routers have been urged to switch them off, after a number of models were found to contain a vulnerability that could let hackers gain remote access.

Security researchers at Carnegie Mellon University in Pennsylvania found eight models of Netgear routers had a security flaw that could allow hackers to gain access to a home network and any connected devices with relative ease.

The flaw, known as #582384, was initially found in R7000, R6400 and R8000 routers, but Netgear has since confirmed the vulnerability is also affecting R6250, R6700, R7300 and R7900 routers. Netgear is currently testing all of its router models for the "command injection vulnerability", and it is possible more are affected.

"By convincing a user to visit a specially crafted website, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers," said the researchers. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available."

By clicking a malicious link, users can inadvertently give hackers full control over a router, giving access to a full list of internet traffic on the network, which may include personal details and login information.

Netgear has said it is working on a firmware version that will fix the command injection vulnerability, although there is no specific release date.

"Netgear is continuing to review our entire portfolio for other routers that might be affected by this vulnerability," said Netgear in a blog post. "If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well."

A beta version of updated firmware is currently available for R6400, R7000 and R8000 routers, although Netgear warned that these updates have not been fully tested and may not work for all users. Additional beta updates will be made available for the other models in the coming days, so make sure to keep an eye on Netgear's security blog.

Picture: Netgear's Nighthawk Smart WiFi router, R7000 model

Contributor

Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.