Waiting for a fix, stop using Netgear R7000 and R6400 routers to avoid hacks

Waiting for security patches, the CERT/CC suggests to stop using Netgear R7000 and R6400 routers to avoid being hacked. Other routers potentially exposed.

IoT devices are privileged targets for threat actors, the Mirai botnet is the demonstration of the effects of a massive attack powered with smart objects, including routers, CCTV and DVRs.

Now the security experts are warning of serious security issues in two Netgear routers. The Netgear R7000 and R6400 routers are affected by a critical vulnerability that could be exploited by remote attackers to run malicious code with root privileges.

Unfortunately, current and latest versions of the Netgear R7000 and R6400 routers running current and latest versions of the firmware are vulnerable to arbitrary command injection attacks.

At the time I was writing we cannot exclude that also other models may be vulnerable.

The Carnegie Mellon University CERT published a security advisory (Vulnerability Note VU#582384) to warn of multiple Netgear routers are vulnerable to arbitrary command injection.

The exploitation of the flaw is quite simple, attackers just need victims info into visiting a website that contains specially crafted malicious code to trigger the vulnerability.

“Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability.” reads the advisory issued by the CERT/CC.”By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers. A LAN-based attacker may do the same by issuing a direct request.

The advisory states that in order to exploit the flaw, the victim could visit a website like:

http://<router_IP>/cgi-bin/;COMMAND

then the malicious commands would execute automatically with root privileges.

The code exploit for this vulnerability has been publicly released.

At the time I was writing there is no available fix for the issue neither a workaround, for this reason, the CERT strongly recommended Netgear users to “consider discontinuing use” of vulnerable Netgear R7000 and R6400 routers, until a patch is released by the company.

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.” states the CERT.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Netgear R7000 and R6400 routers, IoT)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.