
CERT advises users to 'discontinue use' of two Netgear routers due to major secu ...


In a major setback for Netgear, it appears that at least two of its high-end routers may contain a severe security flaw, according to an advisory issued by CERT.

The vulnerability itself is incredibly easy to leverage and simply relies upon accessing a specially crafted URL in the following format from the local network:

http://<router_IP>/cgi-bin/;COMMAND

The above will result in a command injection attack via the router's web interface which will execute arbitrary commands with root privileges. Notably, the attack can be initiated remotely by an attacker who manages to fool a local user into clicking on a malicious URL hidden behind a shortened link. Otherwise, a nefarious user already on the local network can craft and visit a URL of their choice in order to achieve the same outcome.
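Because the request shape is so distinctive, it can be searched for in proxy or web-filter logs. The following is an added example, not part of the original article or the CERT advisory: the log layout (timestamp, client, method, URL), the sample lines, and the function names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Path shape from the advisory: /cgi-bin/ followed directly by a semicolon.
# Matched case-insensitively to stay conservative.
INJECTION_PATH = re.compile(r"^/cgi-bin/;", re.IGNORECASE)

# Constructed sample log; "COMMAND" is the same placeholder the advisory uses.
SAMPLE_LOG = """\
2016-12-12T09:14:02 192.168.1.23 GET http://192.168.1.1/cgi-bin/;COMMAND
2016-12-12T09:14:05 192.168.1.23 GET http://192.168.1.1/start.htm
2016-12-12T09:15:40 192.168.1.40 GET http://192.168.1.1/cgi-bin/%3BCOMMAND
2016-12-12T09:16:11 192.168.1.40 GET http://example.com/cgi-bin/search?q=a;b
2016-12-12T09:17:30 192.168.1.52 GET http://10.0.0.1/cgi-bin/%253BCOMMAND
"""

def decoded_path(url, max_rounds=3):
    """Return the URL path with percent-encoding removed, including nested encoding."""
    path = urlsplit(url).path
    for _ in range(max_rounds):
        nxt = unquote(path)
        if nxt == path:
            break
        path = nxt
    return path

def is_private_host(host):
    """True when the host is an IP literal in a private (LAN) range."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a hostname, not an IP literal

def find_suspicious(log_text):
    """Return one record per log line whose decoded path starts with /cgi-bin/;"""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # not in the assumed four-field layout
        ts, client, _method, url = parts
        if INJECTION_PATH.match(decoded_path(url)):
            host = urlsplit(url).hostname or ""
            hits.append({"time": ts, "client": client, "host": host,
                         "lan_target": is_private_host(host)})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A hit with `lan_target` set identifies the internal client that issued the request, which is the machine to examine first.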

So far, the two routers that have been confirmed to be susceptible to this vulnerability are:

Netgear R6400 with firmware version 1.0.1.6_1.0.4 (and possibly earlier)

Netgear R7000 with firmware version 1.0.7.2_1.1.93 (and possibly earlier)

While unconfirmed by CERT, one Reddit user indicated that their Netgear R8000 router was also affected by the flaw, which means that the list of impacted hardware may well expand over the coming days.

In terms of a present solution, CERT has advised that it "is currently unaware of a practical solution to this problem", with the only viable workaround being that users "discontinue use" of the routers until a fix is made available from Netgear. Whilst inconvenient, such a mitigation would help prevent affected devices from being enrolled in botnets, including those leveraging the Mirai source code posted online back in October, and used in large-scale DDoS attacks.

Source: CERT via Bleeping Computer

