UPDATE Modern NETGEAR Routers Hit by Command Injection Vulnerability

Wednesday, Dec 14th, 2016 (10:48 am)

Do you own a modern NETGEAR broadband router (i.e. R6200, R6400, R6700, R7000, R7100LG, R7300, R7900 and R8000)? If so then we’ve got bad news because a major security flaw, which was first identified and notified to the manufacturer in August 2016, still hasn’t been completely fixed.

The vulnerability, which has been described as “trivial” for a hacker to exploit, stems from the fact that the web interface on NETGEAR’s kit doesn’t properly filter what it receives in a request, so commands sent to it via the Internet or even via your own Local Area Network (LAN) end up being executed.

As a result the hacker can easily gain access and then full control of the router, which has all kinds of security and privacy implications for any traffic that goes over your network.

Vulnerability Note VU#582384

Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, R6400, firmware version 1.0.1.12_1.0.11 and possibly earlier, and R8000, firmware version 1.0.3.4_1.1.2 and possibly earlier, contain an arbitrary command injection vulnerability.

By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting:

http://[router IP]/cgi-bin/;COMMAND

An exploit demonstrating these vulnerabilities has been publicly disclosed.

Netgear’s advisory confirms that the R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 are vulnerable, though affected firmware versions are not enumerated. The vendor has indicated that their advisory will be updated as firmware updates are released.

The new exploit doesn’t require any sort of authentication and can work even when the device’s remote management feature is not visible to the Internet. In essence all the hacker has to do is get you to visit a website and this then runs the code that opens you up to a world of hurt.
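A defender-side check for the request pattern quoted in the advisory above, as an added example that is not from the article, CERT or NETGEAR: it parses constructed access-log lines in Combined Log Format (the router host, log format and every value are assumptions), flags /cgi-bin/ requests whose path carries shell metacharacters, and uses the Referer to separate direct LAN requests from ones triggered by a third-party web page.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format, as a router's embedded web server might write it.
# The format and every value below are constructed for this example.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

# Shell metacharacters that never belong in a CGI script name.
SHELL_META = re.compile(r"[;|&`]|\$\(")


def classify(line, router_host):
    """Return a finding dict if the request looks like a /cgi-bin/ command
    injection attempt, else None.  Only the path is inspected (not the query
    string, where '&' is legitimate), after percent-decoding.  urlsplit is
    used rather than urlparse so that ';...' stays part of the path."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = unquote(urlsplit(m.group("target")).path)
    if not path.startswith("/cgi-bin/"):
        return None
    if not SHELL_META.search(path[len("/cgi-bin/"):]):
        return None
    # A Referer from a host other than the router itself means a third-party
    # page triggered the request (the "visit a web site" vector); no Referer
    # or the router's own host means it was issued directly on the LAN.
    ref_host = urlsplit(m.group("referer")).hostname
    vector = "lan-direct" if ref_host in (None, router_host) else "csrf-from-web"
    return {"src": m.group("src"), "path": path, "vector": vector}


def scan(lines, router_host="192.168.1.1"):
    """Run classify() over log lines and keep only the findings."""
    return [f for f in (classify(l, router_host) for l in lines) if f]


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '192.168.1.20 - - [14/Dec/2016:10:48:01 +0000] "GET /cgi-bin/;COMMAND HTTP/1.1" 200 - "http://third-party.example/page.html"',
    '192.168.1.31 - - [14/Dec/2016:10:49:12 +0000] "GET /cgi-bin/%3BCOMMAND HTTP/1.1" 200 - "-"',
    '192.168.1.20 - - [14/Dec/2016:10:50:03 +0000] "GET /cgi-bin/status.cgi?page=1&tab=2 HTTP/1.1" 200 - "http://192.168.1.1/"',
    '192.168.1.5 - - [14/Dec/2016:10:51:44 +0000] "GET /index.htm HTTP/1.1" 200 - "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The third sample line shows why only the path is checked: a legitimate CGI query string contains `&`, which would otherwise be a false positive.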

Happily a beta firmware update has been released that can fix the issue on most of NETGEAR’s router models, but this doesn’t yet include the slightly older D6220, D6400, R6900 or D7000 series.

Many of the affected routers from NETGEAR are quite modern, particularly the R8000 “Nighthawk” series that has received plenty of glowing reviews. Admittedly any router can suffer from security exploits, although it’s usually much more common for such issues to affect older models (e.g. those that are no longer being supported) than the very latest kit.

A temporary fix does exist for those models that haven’t yet been updated, but it requires a little bit of technical knowledge.

UPDATE 20th Dec 2016

NETGEAR has now released a patch for all of the relevant models.

By Mark Jackson