Tech experts warned Netgear router owners about the dangers several units pose to their personal information. After they conducted an analysis of several models the company has previously released, the experts concluded that at least three models suffered from serious security issues. As a result, the router is exposed to basic attacks and will allow hackers to take control of the unit, ultimately being able to access the owner’s sensitive information.
Until a fix has been released, the experts recommend that the R8000, R6400, and R7000 owners should stop using the routers.
Netgear Routers Security Issues
The U.S. Computer Emergency Readiness Team has acknowledged the Netgear routers’ vulnerability. After studying the issue in more detail, CERT explains to the broad public how Netgear users could unwillingly subject themselves to cyber attacks. According to a CERT announcement released on Friday, December 9th, the attacker could execute a set of arbitrary commands with root privileges on the affected units via a specially crafted website. However, the attack could be possible only if the unauthenticated attacker persuades its victim to visit the aforementioned malicious website.
An anonymous researcher, Acew0rm was able to create and later on post such a web page online in order to show how a hacker could gain access to privileged information through the Netgear routers. The experts associate the vulnerability issues with the Netgear units’ inability to protect the user from harmful commands disguised as web URLs.
The company has confirmed the vulnerability issues attributed to the malfunctioning routers. At the same time, Netgear says in a written statement that the company is working to fix the problem.
However, the brief announcement did not shed any light whether there are more routers suffering from the same problems issued by the company, like the Netgear X10. Nevertheless, CERT says that while the R7000, R6400, and R8000 are compromised until a fix will be released, they are also looking into other routers, as well.
In order to prevent possible cyber attacks, the company has identified a solution. However, it is only a temporary fix meant to keep hackers at bay until the affected routers have been rebooted.
In order to verify if the router in compromised, a user can visit the http://[router-address]/cgi-bin/;uname$IFS-a address. If the web page displays anything but an error, the unit is under attack. However, the users can next point their browsers to this URL in order to terminate the web server processes: http://[router-address]/cgi-bin/;killall$IFS’httpd‘. However, if the users reboot their unit, the fix will no longer work. Nevertheless, they can repeat the process after a reboot to make the unit secure again.
Image Source: Wikipedia