NetGear Security Advisory for Netgear Routers (R6250-R8000) VU 582384

Hi All,

Just got this in email and thought of sharing.

Netgear Users Advised by CERT to Stop Using These Routers Due to Critical Security Flaw

The following products might be vulnerable:
R6250
R6400
R6700
R6900
R7000
R7100LG
R7300
R7900
R8000
D6220
D7000

http://kb.netgear.com/000036386/CVE-2016-582384

https://www.kb.cert.org/vuls/id/582384

Comments

  • Netgear is a real dud lately. Just like their devg2020's.

  • It's probably going to affect a lot of OzBargainers as NetGear R7000 was featured in many deals and often recommended in forums. I have one in fact (bridging to cable modem) but running DD WRT so not vulnerable to this particular exploit.

  • Confirmed list of affected routers has been updated:
    R6250
    R6400
    R6700
    R7000
    R7100LG
    R7300
    R7900
    R8000

    Beta firmware is out now… for 8000, 7000, and 6400

  • Merged from Some Netgear routers vulnerable to a remote attack, Netgear warns. Check if your router is vulnerable (guide)

    From Engadget:

    Several Netgear routers, including some of the most popular models on Amazon, have been vulnerable to remote attacks for months. According to Wired, a security researcher named Andrew Rollins discovered the flaw and notified the company about it way back on August 25th but didn't get a reply. He went public with the information after waiting for over three months, prompting Homeland Security to issue a warning a few days ago. Now, the company has finally admitted that it's aware of the problem, named all the affected devices and released patches for some of them.

    Based on Netgear's announcement, there are 11 affected devices.

    R6250*
    R6400*
    R6700*
    R6900
    R7000*
    R7100LG
    R7300
    R7900
    R8000*
    D6220
    D7000

    The company already issued patches for the R6250, R6400, R6700, R7000 and R8000, but you'll have to install them manually since Netgear doesn't have a means to push an over-the-air update. It's unclear why the company isn't done putting patches together for the other models — Rollins told Wired that it's making Netgear look incompetent as the flaw is "not that hard to fix at all."

    In case you're using any of the models that have yet to be patched, you may want to take Homeland Security's advice. The flaw is pretty easy to exploit, after all, and a hacker could easily take control of your computers to make them part of a botnet. DHS pointed to a blog post by computer science researcher Bas van Schaik for a temporary fix, though it mentioned a much easier option you can take: stop using your router until a patch is available.


    How to identify

    source: CSO online

    Identification and a possible temporary fix:

    A single line of code is all an attacker needs to exploit the vulnerable Nighthawk routers. The line below, as reported by Bas van Schaik, will help Netgear customers identify vulnerable hardware.

    http://[router-address]/cgi-bin/;uname$IFS-a

    Using the network's internal IP address to replace [router-address], visit the URL above. If anything but an error or blank page is displayed, the router is affected by this vulnerability.

    If vulnerable, using the URL below (again using the internal IP address), will disable the server process that could be exploited.

    http://[router-address]/cgi-bin/;killall$IFS'httpd'
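
The request pattern quoted in the comment above (a `;` straight after `/cgi-bin/`, with `$IFS` standing in for a space) can also be searched for in HTTP logs to see whether anyone has sent it to a router. This is an added example, not part of the original thread or of Netgear's or CERT's material; it assumes Common Log Format lines from a proxy or network sensor, and the function names and sample log lines are made up for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: client address first, request line in double quotes.
REQUEST = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The pattern from the post: a ";" directly after /cgi-bin/ starts a shell command.
INJECTION = re.compile(r"/cgi-bin/;(?P<cmd>[^?#]*)", re.IGNORECASE)
IFS = re.compile(r"\$\{?IFS\}?")  # $IFS / ${IFS} stands in for a space

def decode(target, rounds=3):
    """Percent-decode repeatedly so %3B, %24IFS and double-encoded forms are caught."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_injection(line):
    """Return {'src', 'command'} for a matching request line, else None."""
    req = REQUEST.match(line)
    if not req:
        return None
    hit = INJECTION.search(decode(req.group("target")))
    if not hit:
        return None
    return {"src": req.group("src"), "command": IFS.sub(" ", hit.group("cmd"))}

def scan(lines):
    """Collect every hit from an iterable of log lines."""
    return [h for h in map(find_injection, lines) if h]

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.168.1.23 - - [12/Dec/2016:10:01:02 +1100] "GET /cgi-bin/;uname$IFS-a HTTP/1.1" 200 87',
    '192.168.1.40 - - [12/Dec/2016:10:03:15 +1100] "GET /cgi-bin/%3Bkillall%24IFS\'httpd\' HTTP/1.1" 200 0',
    '192.168.1.23 - - [12/Dec/2016:10:04:00 +1100] "GET /index.html HTTP/1.1" 200 5120',
    '192.168.1.51 - - [12/Dec/2016:10:05:41 +1100] "GET /cgi-bin/%253Buname%2524IFS-a HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['src']}: attempted command {hit['command']!r}")
```

A hit only shows that the request was sent; whether it ran depends on the router model and firmware.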

  • What about other brands of modem/routers? How does TP-Link fare?
