Netgear has now confirmed that several of its routers including the R7000, R6400, and R8000 have security problems that could allow someone to take control of your router if you click on a malicious URL.
The infected routers are among Netgear’s best, including the expensive “Nighthawk” series. Others are suggesting that more routers are also susceptible to the security flaws like the R7500, R7800, R8500, and the R9000.
Right now, Netgear is working on patches to fix the routers (they have just released the patch for the R7000), but you can check right now to see if your router has vulnerabilities. These details come directly from Data scientist, Bas van Schaik:
- Check your router for the vulnerability by going to “http://[router-address]/cgi-bin/;uname$IFS-a” in your browser. You must replace the “router-address” with your IP address. If you see something besides an error, that means your router is affected!!
- If your router is affected, you can terminate the web server process that is exploitable. When you terminate the web server process it will kill the web configuration interface on your router until you reboot it. This is not a big deal, so type in “http://[router-address]/cgi-bin/;killall$IFS’httpd’” to your browser’s URL then head back to the URL in step one to make sure you now see an “error” page.
Remember, if you do restart your router, the vulnerability will open again so you need to wait until Netgear releases an official patch to fix the issue directly.
The way this vulnerability came into play was if someone sends you a malicious link and you clicked on it–which is unlikely, but if you do have one of these routers, it’s worth patching as soon as possible.