Router Flaw Leads to Hijacking

Tuesday, December 13, 2016 @ 05:12 PM gHale

Netgear router models can end up hijacked by remote, unauthenticated attackers, according to a report with CERT/CC.

The vulnerability that can allow this takeover can end up exploited by convincing users to visit a specially crafted web site or visiting a legitimate site serving specially crafted malicious ads.

RELATED STORIES
Router Backdoor Still Under Attack
Hacking Device That Really Works
Potential of Proactive Cybersecurity: Report
Flaw in Common Computer Chip

“The vulnerability allows execution of Linux commands by simply appending the command to a URL. The commands execute with root privileges,” a researcher that goes by the name Kalypto Pink said in a blog post.

“This can be used to pop a telnet session, FTP, command your router to attack other computers, or pretty much anything else the malicious user wants to do,” the researcher said.

While the exploit leveraging this vulnerability has been publicly disclosed, the complete list of affected models is still unknown.

CERT/CC said Netgear R7000 (firmware version 1.0.7.2_1.1.93 and possibly earlier), R6400 (firmware version 1.0.1.6_1.0.4 and possibly earlier), and R8000, (firmware version 1.0.3.4_1.1.2) contain the vulnerability. Kalypto Pink said models R7000P, R7500, R7800, R8500, and R9000 are also vulnerable.

Netgear has yet to confirm these claims, as they said they are still investigating the issue. Firmware updates that address the flaw have not been made available.

CERT/CC advises users of vulnerable devices to either disable the web server each time the device restarts, or to stop using the device until a fix releases and they can implement it.



Leave a Reply

You must be logged in to post a comment.