Firmware Flaw Leaves Netgear Routers Vulnerable To Hacker Takover

Netgear R7000, R6400 and R8000 routers have been found to contain a flaw that could enable them to be exploited and taken over by hackers and cyber criminals.

Through exploiting a command injection flaw would -be hackers can execute arbitrary code on the router’s firmware and wreak havoc with the user’s network.

Netgear security flaw

Twitter user Acew0rm1 was responsible for finding the flaw but had shed little light yet on how the vulnerability was discovered.

Netgear said it is investigation the flaw but has yet to reveal much in the way it plans to fix the flaw or rollout a firmware update to seal the security hole.

“Netgear has recently become aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system,” the company said.

Given no list of vulnerable router models has been put out in circulation, it is difficult for users of Netgear users to understand what to do next to bypass the problem.

The computer emergency response team (CERT) has advised people with Netgear routers to stop using the device until more security details are revealed and the company moves to fix the flaw.

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available,” CERT said.

Such flaws in routers are particularly dangerous and no only do they expose a network to being taken over but hacked routers and also be used to form a botnet with other seized devices from which distributed denial of service (DDoS) attacks can be launched from, as seen with the Mirai bot net, as well as help spread malware.

The Mirai botnet appears to have been responsible for such DDoS attacks as the one aimed at Talk Talk and the Post Office which took down the companies’ broadband services, as well as flatten services such as Twitter and Spotify when it was used to knock out DNS servers supporting the popular web services.

As the spread of the Internet of Things (IoT) gathers pace, such vulnerabilities at the firmware level in hardware are likely to crop up more regularly unless action on encryption standards and certification are established before the spread of such connected devices become more pervasive.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

43 mins ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

18 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

20 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

21 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 hours ago