In a major setback for Netgear, it appears that at least two of its high-end routers may contain a severe security flaw according to an advisory issued by CERT.
The vulnerability itself is incredibly easy to leverage and simply relies upon accessing a specially crafted URL in the following format from the local network:
http://< router_IP >/
The above will result in a command injection attack via the router's web interface which will execute arbitrary commands with root privileges. Notably, the attack can be initiated remotely by an attacker who manages to fool a local user into clicking on a malicious URL hidden behind a shortened link. Otherwise, a nefarious user already on the local network can craft and visit a URL of their choice in order to achieve the same outcome.
So far, the two routers that have been confirmed to be susceptible to this vulnerability are:
- Netgear R6400 with firmware version 18.104.22.168_1.0.4 (and possibly earlier)
- Netgear R7000 with firmware version 22.214.171.124_1.1.93 (and possibly earlier)
While unconfirmed by CERT, one Reddit user indicated that their Netgear R8000 router was also affected by the flaw, which means that the list of impacted hardware may well expand over the coming days.
In terms of a present solution, CERT has advised that it "is currently unaware of a practical solution to this problem" with the only viable workaround being that users "discontinue use" of the routers until a fix is made available from Netgear. Whilst inconvenient, such a mitigation would help prevent affected devices from being enrolled in botnets, including those leveraging the Mirai source code posted online back in October, and used in large-scale DDoS attacks.