Vulnerability leads CERT to advise against using Netgear routers

A number of Netgear routers have a security vulnerability which can be triggered by a malicious weblink from one machine on the network allowing a code injection allowing access to every attached device, the company has confirmed.

The vulnerability, VU #582384, which came to light late on Friday, has been confirmed by the US Computer Emergency Readiness Team (CERT) as affecting router models including R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000.

Netgear has said that other models may also be affected too, though it is keen to emphasise that only those models listed are subject to the announcement. Netgear has confirmed that it is actively working on a production firmware which plugs the vulnerability.

"While we are working on the production version of the firmware, we are providing a beta version of this firmware release," a spokesperson told Computing.

"This beta firmware has not been fully tested and might not work for all users. Netgear is offering this beta firmware release as a temporary solution, but Netgear strongly recommends that all users download the production version of the firmware release as soon as it is available."

The beta firmware is available for the R6400, R7000 and R8000 only.

As a work-around one security blogger has suggested that by typing http://[router-address]/cgi-bin/;killall$IFS'httpd' into your browser will kill any processes that are causing the problem. This is not official advice, however.

CERT is advising customers to stop using the affected routers until there's a patch.

Although the newly launched Orbi triband system shares a lot in common with the routers listed, it is not thought that this is affected.

In 2015, Netgear routers were found to be one of several brands affected by a drive-by DNS hopper vulnerability which had lain dormant for years.