Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Netgear R7000, R6400, and R8000 routers vulnerable

09 Dec 2016   #1
Brink

64-bit Windows 10 Pro
 
 
Netgear R7000, R6400, and R8000 routers vulnerable

Quote:
NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.

NETGEAR has tested the following products and confirmed that they are vulnerable:

All products followed by an asterisk (*) have beta firmware fixes available—see below.
  • R6250*
  • R6400*
  • R6700*
  • R6900*
  • R7000*
  • R7100LG*
  • R7300DST*
  • R7900*
  • R8000*
  • D6220*
  • D6400*
NETGEAR is working on a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible.

While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.

Beta firmware is currently available for the models listed below, and beta firmware versions for the remaining models are being worked on and will be released as soon as possible, some as early as Tuesday, December 13[SUP]th[/SUP].

To download the beta firmware, which fixes the command injection vulnerability, visit the firmware release page for your model and follow the instructions:
NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.

NETGEAR will continue to update this knowledge base article when we have more information.
[HR][/HR]We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.

It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
If you have any security concerns, you can reach us at security@netgear.com.


Source: Security Advisory for VU 582384 | Answer | NETGEAR Support


Read more:


My System SpecsSystem Spec
.
12 Dec 2016   #2
Brink

64-bit Windows 10 Pro
 
 

Updated to include Netgear R8000 routers.
My System SpecsSystem Spec
12 Dec 2016   #3
xips

 
 

Vulnerability also includes the following Netgear routers with Netgear firmware: R7000P, R7500, R7800, R8500, R9000

A viable and current secure solution for the R7000 router is 3rd party firmware such as TomatoUSB or Asuswrt-Merlin firmware. I'm not sure about firmware availability for the other models.
My System SpecsSystem Spec
.

Reply

 Netgear R7000, R6400, and R8000 routers vulnerable




Thread Tools




Similar help and support threads
Thread Forum
Millions of routers vulnerable to hack attack - Is yours?
According to security researcher Craig Heffner, about half the existing models of home routers, including most Linksys, Dell, and Verizon, are vulnerable to being hacked. Read More: Millions of routers vulnerable to hack attack - Is yours? | ZDNet “Millions” Of Home Routers Vulnerable To...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:35.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App