Multiple Netgear routers are vulnerable to arbitrary command injection

  1. #1
    Join Date
    Jan 2003
    Location
    US
    Posts
    5,634

    Multiple Netgear routers are vulnerable to arbitrary command injection

    Netgear R7000 and R6400 routers and possibly other models are vulnerable to arbitrary command injection.

    To read the full story, please see:

    http://www.kb.cert.org/vuls/id/582384
    Eric

  2. #2
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,700
    Oh boy. The report also mentioned the R8000. I'm assuming this will affect the R7900 and R6900/R6700 models from Costco too. Gotta keep an eye on this one.

  3. #3
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392

  4. #4
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,700
    http://www.pcworld.com/article/31495...o-hacking.html
    More Netgear routers added to the list:
    Netgear confirmed the vulnerability over the weekend and said that its R7000, R6400 and R8000 routers might be vulnerable. However, another researcher performed a test and reported that other routers from Netgear’s Nighthawk line are also affected. These include: R7000, R7000P, R7500, R7800, R8500 and R9000.
    To test if your router is vulnerable, run this from a browser:
    http://[router_ip_address]/cgi-bin/;uname$IFS-a

    Ex. http://192.168.1.1/cgi-bin/;uname$IFS-a

    If this shows any information other than an error or a blank page, the router is likely affected.


    For a temporary fix, you can shut down the router's web server (management page) from a browser:
    http://[router_IP_address]/cgi-bin/;killall$IFS'httpd'

    Ex. http://192.168.1.1/cgi-bin/;killall$IFS'httpd'

    If you need to access the management page, you can just reboot the router.

  5. #5
    Join Date
    Jan 2003
    Location
    US
    Posts
    5,634
    Netgear has released some information here.

    http://kb.netgear.com/000036386/CVE-2016-582384
    Eric

  6. #6
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,700
    Confirmed vulnerable: R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, D7000
    All products now have production firmware fixes available.

    http://kb.netgear.com/000036386/CVE-2016-582384

    Make sure to use a WIRED connection when updating firmware.
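
Added example, not part of any post in this thread: a small log check for the `/cgi-bin/;command` request shape quoted in post #4, useful for seeing whether anything on the LAN has been sending such requests to the router. It assumes you have Common Log Format lines from a proxy or network sensor in front of the router's management interface; the log lines, IP addresses and the `status.cgi` name below are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ';' in the path after /cgi-bin/ (not in the query string) is the marker.
INJECT_RE = re.compile(r"/cgi-bin/[^?#]*?;(?P<cmd>[^?#]*)", re.IGNORECASE)
# $IFS (or ${IFS}) stands in for the space a URL path cannot carry.
IFS_RE = re.compile(r"\$\{?IFS\}?")


def find_injection(target):
    """Return the injected command text for a request target, or None."""
    decoded = target
    for _ in range(2):  # undo up to two layers of percent-encoding
        decoded = unquote(decoded)
    match = INJECT_RE.search(decoded)
    if match is None:
        return None
    # Show the command the way a shell would see it, for the analyst.
    return IFS_RE.sub(" ", match.group("cmd")).strip()


def scan(lines):
    """Yield (client_ip, command_text) for each log line with the pattern."""
    for line in lines:
        request = REQUEST_RE.search(line)
        if request is None:
            continue
        command = find_injection(request.group("target"))
        if command is not None:
            yield line.split(" ", 1)[0], command


# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = """\
192.168.1.23 - - [12/Dec/2016:10:01:02 +0000] "GET /cgi-bin/;uname$IFS-a HTTP/1.1" 200 87
192.168.1.23 - - [12/Dec/2016:10:01:09 +0000] "GET /cgi-bin/%3Bkillall%24IFS'httpd' HTTP/1.1" 200 0
192.168.1.40 - - [12/Dec/2016:10:02:30 +0000] "GET /start.htm HTTP/1.1" 200 5120
192.168.1.40 - - [12/Dec/2016:10:02:31 +0000] "GET /cgi-bin/status.cgi?a=1;b=2 HTTP/1.1" 200 10
""".splitlines()

if __name__ == "__main__":
    for ip, cmd in scan(SAMPLE_LOG):
        print(f"{ip} sent /cgi-bin/ injection pattern, command text: {cmd!r}")
```

A hit only shows that a request of this shape was sent; whether the router acted on it depends on the firmware version, so check it against the fixed releases listed above.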
