Netgear appears to have a very serious security problem on their hands as a recent security advisory from the company identifies at least eleven popular routers vulnerable to hacking.
According to the security advisory, the security issue “… allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.” Essentially, hackers will be able to easily take control of an affected router stealing information that passes through or turning millions of affected routers into a botnet for conducting malicious activities.
The eleven routers identified so far as being affected includes the R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220 and D6400. Netgear has already issued beta firmware for these routers which should patch the issue; however, Netgear states that this is only a temporary solution at this time. No timeline of when production versions of the firmware will be available. For those unable to get the firmware, Department of Homeland Security’s CERT group recommends either disabling the web server, disabling remote administration or simply discontinue use.
While Netgear is actively working on solving this issue, what caused quite a bit of controversy over the past few days is that according to Wired, a security researcher by the name of Andrew Rollins had contacted Netgear about this issue at the end of August. However, he was ignored at the time. After waiting for several months, Rollins recently decided to make the issue public which has created the necessary urgency for Netgear to act.
Those interested in more information take a look at Netgear’s full security advisory here. Those with affected routers can also download the beta firmware as well.
