Security warning over Netgear routers issued by US-CERT

Arbitrary command injection flaw makes it easy for attackers to open up ports

A number of routers made by Netgear are vulnerable to an arbitrary command injection flaw that can be triggered simply by a user visiting a web site.

At least eight different Netgear routers have been found to be affected by the glaring security flaw by researchers at Carnegie Mellon University - but more may be vulnerable.

Users of the affected devices have been advised to stop using them until a fix is published.

The vulnerability, VU #582384, came to light late on Friday. It has been confirmed by the US Computer Emergency Readiness Team (CERT) as affecting router models including R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000.

Netgear has said that other models may also be affected too, although it is keen to emphasise that only those models listed are subject to the announcement. Netgear has confirmed that it is actively working on a production firmware which plugs the vulnerability.

"While we are working on the production version of the firmware, we are providing a beta version of this firmware release," a spokesperson told V3.

"This beta firmware has not been fully tested and might not work for all users. Netgear is offering this beta firmware release as a temporary solution, but Netgear strongly recommends that all users download the production version of the firmware release as soon as it is available."

The beta firmware is available for the R6400, R7000 and R8000 only.

As a work-around one security blogger has suggested that by typing http://[router-address]/cgi-bin/;killall$IFS'httpd' into your browser will kill any processes that are causing the problem. This is not official advice, however.

CERT is advising customers to stop using the affected routers until there's a patch.

Although the newly launched Orbi triband system shares a lot in common with the routers listed, it is not thought that this is affected.

In 2015, Netgear routers were found to be one of several brands affected by a drive-by DNS hopper vulnerability which had lain dormant for years.

The news comes just a week after routers issued by internet service provider (ISP) TalkTalk were found to be compromised in a new cyber attack.