Menu
Netgear starts patching routers affected by a critical flaw

Netgear starts patching routers affected by a critical flaw

The company has identified eight affected models so far and has released beta firmware updates

Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that's publicly known and could be exploited by hackers.

The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company's Nighthawk series. The company initially confirmed the flaw in three models -- R6400, R7000, R8000 -- but it has since expanded the list to include five more.

The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000. This list might not be complete as Netgear continues to analyze the flaw's impact to its entire router portfolio.

The company is working on firmware updates for all affected router models, but for now it only released beta versions for R6400, R7000 and R8000. Beta firmware versions for some of the remaining models will be released as early as Tuesday, the company said in an advisory.

"This beta firmware has not been fully tested and might not work for all users," the company said in its advisory. "NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available."

The vulnerability allows attackers to execute arbitrary shell commands on affected devices by sending maliciously crafted HTTP requests to their web-based management interfaces. The U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS).

Until a firmware update becomes available for their routers, users can use a workaround that actually exploits the vulnerability in order to stop the router's web server and prevent further exploitation. This can be done by accessing http://[router_IP_address]/cgi-bin/;killall$IFS'httpd' in a browser from a computer on the same network as the router, but the mitigation only lasts until the device is rebooted.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments