An unpatched vulnerability exposes Netgear routers to hacking

The flaw allows hackers to execute arbitrary shell commands on affected devices

Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take them over.

An exploit for the vulnerability was published Friday by a researcher who uses the online handle Acew0rm. He claims that he reported the flaw to Netgear in August, but didn't hear back.

The issue stems from improper input sanitization in a form in the router's web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device.

The U.S. CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS).

Netgear confirmed the vulnerability over the weekend and said that its R7000, R6400 and R8000 routers might be vulnerable. However, another researcher performed a test and reported that other routers from Netgear's Nighthawk line are also affected. These include: R7000, R7000P, R7500, R7800, R8500 and R9000.

Users can check if their models are affected by accessing the following URL in a browser when connected to their local area network (LAN): http://[router_ip_address]/cgi-bin/;uname$IFS-a . If this shows any information other than a error or a blank page, the router is likely affected.

In some cases, replacing the IP address with www.routerlogin.net or www.routerlogin.com might also work, because Netgear routers resolve these domains names to their own local IP address.

Since the vulnerability can be exploited with an HTTP request that doesn't require authentication, hackers can attack the affected routers using cross-site request forgery attacks (CSRF). This works even when the routers don't have their management interfaces exposed to the Internet.

CSRF attacks hijack users' browsers when visiting specifically crafted web pages and send unauthorized requests through them. This makes it possible for a malicious website to force a user's browser to exploit the router over the LAN.

CERT/CC recommends that users stop using the affected routers until an official patch becomes available, if they can do so. However, there is a workaround that involves exploiting the flaw to stop the router's web server and prevent future attacks. This can be done with the following command: http://[router_IP_address]/cgi-bin/;killall$IFS'httpd' .

Because the web server will be shut down, the management interface will no longer be available and further attempts to exploit the vulnerability will fail, but this is only a temporary solution and needs to be reapplied every time the router is rebooted.

In order to protect themselves from CSRF attacks against routers in general, users should change their router's default IP address. Most of the time, routers will be assigned the first address in a predefined netblock, for example 192.168.0.1, and these are the addresses that hackers will try to attack via CSRF.

Routers have become an attractive target for hackers in recent years as they can be used to spy on user traffic and launch other attacks. Most commonly they are infected with malware and used in distributed denial-of-service (DDoS) campaigns.

There are many steps that users can take to improve the security of their routers and make it less likely that they will get hacked.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?