These Netgear Routers Are Scarily Easy To Hijack

This article is more than 7 years old.

Own a Netgear router? Make sure you check the model number on it, because a flaw has been discovered that makes a trio of Netgear routers trivially easy for hackers to exploit. All it takes is a visit to a craftily-coded website.

The three routers -- the R8000, R7000, and R6400 -- are vulnerable to what's called arbitrary command injection. That means, essentially, that they're willing to accept instructions from anybody who wants to give them. All an attacker has to do is pass the commands to the router via a URL. The router will simply comply without even asking for the admin credentials it would require if you were, say, changing the password to your WiFi network.

The flaw is present in multiple firmware revisions, and it's possible that other Netgear routers are also vulnerable. Indeed, another researcher has found that at least three other routers in the R8xxx and R7xxx series can be exploited. A quick scan using the Shodan search engine shows at least 8,000 vulnerable Netgear routers connected to the Internet.

This particular vulnerability was disclosed to Netgear quite some time ago, but when the company didn't take action, the hacker who discovered it went public. Netgear has now responded, saying it is currently investigating and will provide additional updates on the situation.

In the meantime, the U.S. Computer Emergency Readiness Team, or CERT, is recommending that users who own one of the affected routers unplug it and stop using it immediately. Once a fix is made available, it should be installed offline via a USB flash drive.