-
December 10th, 2016, 09:22 PM
#1
Multiple Netgear routers are vulnerable to arbitrary command injection
Netgear R7000 and R6400 routers and possibly other models are vulnerable to arbitrary command injection.
To read the full story, please see:
http://www.kb.cert.org/vuls/id/582384
Eric
-
December 10th, 2016, 09:54 PM
#2
Oh boy. The report also mentioned the R8000. I'm assuming this will affect the R7900 and R6900/R6700 models from Costco too. Gotta keep an eye on this one.
-
December 10th, 2016, 10:54 PM
#3
-
December 12th, 2016, 03:24 PM
#4
http://www.pcworld.com/article/31495...o-hacking.html
More Netgear routers added to the list:
Netgear confirmed the vulnerability over the weekend and said that its R7000, R6400 and R8000 routers might be vulnerable. However, another researcher performed a test and reported that other routers from Netgear’s Nighthawk line are also affected. These include: R7000, R7000P, R7500, R7800, R8500 and R9000.
To test if your router is vulnerable, run this from a browser:
http://[router_ip_address]/cgi-bin/;uname$IFS-a
Ex. http://192.168.1.1/cgi-bin/;uname$IFS-a
If this shows any information other than a error or a blank page, the router is likely affected.
For a temporary fix, you can shut down the router's web server (management page) from a browser:
http://[router_IP_address]/cgi-bin/;killall$IFS’httpd’
Ex. http://192.168.1.1/cgi-bin/;killall$IFS’httpd’
If you need to access the management page, you can just reboot the router.
-
December 12th, 2016, 04:04 PM
#5
-
December 26th, 2016, 06:19 AM
#6
Confirmed vulnerable: R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, D7000
All products now have production firmware fixes available.
http://kb.netgear.com/000036386/CVE-2016-582384
Make sure to use a WIRED connection when updating firmware.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|