Vulnerability leads CERT to advise against using Netgear routers
A number of Netgear routers have a security vulnerability which can be triggered by a malicious weblink from one machine on the network allowing a code injection allowing access to every attached device, the company has confirmed.
The vulnerability, VU #582384, which came to light late on Friday, has been confirmed by the US Computer Emergency Readiness Team (CERT) as affecting router models including R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000.
“While we are working on the production version of the firmware, we are providing a beta version of this firmware release,” a spokesperson told Computing.
“This beta firmware has not been fully tested and might not work for all users. Netgear is offering this beta firmware release as a temporary solution, but Netgear strongly recommends that all users download the production version of the firmware release as soon as it is available.”
The beta firmware is available for the R6400, R7000 and R8000 only.
CERT is advising customers to stop using the affected routers until there’s a patch.
Although the newly launched Orbi triband system shares a lot in common with the routers listed, it is not thought that this is affected.
In 2015, Netgear routers were found to be one of several brands affected by a drive-by DNS hopper vulnerability which had lain dormant for years.