In a major setback for Netgear, it appears that at least two of its high-end routers may contain a severe security flaw according to an advisory issued by CERT.
The vulnerability itself is incredibly easy to leverage and simply relies upon requesting a specially crafted URL of the following form from the local network:
http://<router_IP>/cgi-bin/;COMMAND
Requesting such a URL triggers a command injection in the router's web interface: whatever follows the semicolon is executed on the device with root privileges. Notably, because the request is a plain GET, the attack can be initiated remotely by an attacker who fools a user on the local network into clicking a malicious URL hidden behind a shortened link; the victim's browser then issues the request from inside the network. Otherwise, a nefarious user already on the local network can craft and visit a URL of their choice to achieve the same outcome.
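For defenders who log HTTP traffic to the router (for example through a proxy or forwarded web-server logs), the pattern above is easy to detect. The following is an added example, not code from the article or from CERT: it parses Combined Log Format lines, percent-decodes the request path so encoded variants such as /cgi-bin/%3B... are caught, and uses the Referer header to separate requests typed directly on the LAN from ones triggered by a page on another host (the "click a link" vector). The log lines and the router address 192.168.1.1 are constructed for the example.

```python
"""Flag requests matching the advisory pattern http://<router_IP>/cgi-bin/;COMMAND
in an HTTP access log (Combined Log Format). Added example, not from the article."""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

# Constructed sample log lines. Hosts, timestamps and requests are made up for
# this example; the router is assumed to live at 192.168.1.1.
SAMPLE_LOG = """\
192.168.1.10 - - [09/Dec/2016:10:15:01 +0000] "GET /index.htm HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.168.1.10 - - [09/Dec/2016:10:15:07 +0000] "GET /cgi-bin/;uname HTTP/1.1" 200 0 "-" "curl/7.50.0"
192.168.1.23 - - [09/Dec/2016:10:16:40 +0000] "GET /cgi-bin/%3Bcat%20/etc/passwd HTTP/1.1" 200 0 "http://example.invalid/lure.html" "Mozilla/5.0"
192.168.1.10 - - [09/Dec/2016:10:17:02 +0000] "GET /cgi-bin/status.cgi?id=1 HTTP/1.1" 200 300 "http://192.168.1.1/index.htm" "Mozilla/5.0"
"""

# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?$'
)

MARKER = "/cgi-bin/;"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one Combined Log Format line into its fields, or None if malformed."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def injected_command(raw_path: str) -> Optional[str]:
    """Return the shell text following '/cgi-bin/;' in a request path, or None.

    The query string is split off first, then the path is percent-decoded, so
    an encoded semicolon (%3B) or encoded spaces (%20) do not evade the check.
    """
    path = unquote(urlsplit(raw_path).path)
    idx = path.find(MARKER)
    if idx == -1:
        return None
    return path[idx + len(MARKER):]


def classify_vector(referer: Optional[str], router_ip: str) -> str:
    """Guess how the request reached the router from its Referer header.

    A Referer on another host means a page elsewhere made the browser fetch the
    URL (the lured-user case); no Referer is typical of a tool such as curl run
    directly on the LAN.
    """
    if not referer or referer == "-":
        return "direct-or-unknown"
    return "same-origin" if urlsplit(referer).hostname == router_ip else "cross-site"


def scan_log(log_text: str, router_ip: str) -> List[Dict[str, str]]:
    """Return one finding per request that matches the injection pattern."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cmd = injected_command(rec["path"])
        if cmd is None:
            continue
        findings.append({
            "client": rec["ip"],
            "time": rec["time"],
            "command": cmd,
            "vector": classify_vector(rec.get("referer"), router_ip),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, "192.168.1.1"):
        print(f"{f['time']}  {f['client']}  {f['vector']:18s}  {f['command']!r}")
```

Only the literal `/cgi-bin/;` prefix from the advisory is matched; a broader rule would also flag other shell metacharacters under /cgi-bin/, at the cost of more false positives on legitimate CGI requests.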
So far, the two routers confirmed to be susceptible to this vulnerability are:
Netgear R6400 with firmware version 1.0.1.6_1.0.4 (and possibly earlier)
Netgear R7000 with firmware version 1.0.7.2_1.1.93 (and possibly earlier)
While unconfirmed by CERT, one Reddit user indicated that their Netgear R8000 router was also affected by the flaw, which means that the list of impacted hardware may well expand over the coming days.
In terms of a present solution, CERT has advised that it "is currently unaware of a practical solution to this problem", with the only viable workaround being that users "discontinue use" of the routers until a fix is made available from Netgear. Whilst inconvenient, such a mitigation would help prevent affected devices from being enrolled in botnets, including those leveraging the Mirai source code posted online back in October, and used in large-scale DDoS attacks.
Source: CERT via Bleeping Computer