Cybersecurity researchers have been wary of the security of IoT and smart home devices since their debut. And they’ve mostly been correct in guessing that these devices would become the hottest attraction for hackers in the coming years. It’s proving to be a deep-rooted problem, as every day highlights a newly found flaw in these devices.
Joining the list today is Netgear, whose routers are said to be vulnerable to a severe security flaw. This vulnerability was first discovered by Twitter user Aceworm1, who was able to access the routers. The two models affected by this security flaw are the R7000 and R6400 routers. But the company has released an updated statement saying that the R8000 might also be affected. All affected routers are using either the current or recent firmware, nothing too old. This vulnerability allows hackers to access the network via arbitrary command injection.
Talking about how one can easily exploit this flaw, the official release reads:
By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.
The usage of these affected models should be discontinued until a fix for the vulnerability is made available, states an advisory posted in Carnegie Mellon University’s public vulnerability database (CERT). The said warning has been sent out to Netgear router users because the code to exploit the vulnerability has been released online to the public. This can enable anyone with minimal networking knowledge to carry out attacks and add routers to the IoT botnet army.
This vulnerability was first reported to the company about four months ago, but it has failed to issue a patch for it. There is currently no update about this vulnerability from Netgear. If you own one of these three routers, you can now check whether your device is vulnerable to attacks. And if it is, there is also a temporary fix to avoid unnecessary damage.
Aceworm1, the user who spotted the flaw, has now posted a YouTube video to help those who own a Netgear router check their device’s status. You can use the code shared by him on his GitHub, and let’s hope it itself isn’t a hack. (fingers crossed)
As for the temporary fix, this is necessary for those who don’t have a spare router lying around their home and who also don’t want their device to become a part of the rapidly expanding Mirai botnet, which was recently used to target Deutsche Telekom. This fix has been provided by Bas and exploits the flaw to stop the router’s web server. It will disable access to the settings portal and keep the router functional.
[UPDATE / Dec 14]: Netgear has finally responded to the public release of the vulnerabilities and confirmed that a lot of its routers are vulnerable to remote attacks. And they’ve been in the same condition for months now. Here is a list of affected devices:
Further, the company adds that it is working on “a production firmware version that fixes this command injection vulnerability and will release it as quickly as possible.” Plus, it has currently released a beta firmware update for some of the affected routers — R6250, R6400, R6700, R7000, R7100LG, R7300DST, R7900 and R8000. It is currently in the process of reviewing its entire portfolio of routers to check if they’re affected by the vulnerabilities.