Waiting for a fix, stop using Netgear R7000 and R6400 routers to avoid hacks

The exploitation of the flaw is quite simple, attackers just need victims info into visiting a website that contains specially crafted malicious code to trigger the vulnerability.

“Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability.” reads the advisory issued by the CERT/CC.”By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers. A LAN-based attacker may do the same by issuing a direct request.

The advisory states that in order to exploit the flaw, the victim could visit a website like:

http://<router_IP>/cgi-bin/;COMMAND

then the malicious commands would execute automatically with root privileges.

The code exploit for this vulnerability has been publicly released.

At the time I was writing there is no available fix for the issue neither a workaround, for this reason, the CERT strongly recommended Netgear users to “consider discontinuing use” of vulnerable Netgear R7000 and R6400 routers, until a patch is released by the company.

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.” states the CERT.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Netgear R7000 and R6400 routers, IoT)