CERT Says Stop Using Some Netgear Routers

Carnegie Mellon’s Computer Emergency Response Team issued an alert regarding some Netgear Internet Routers that are susceptible to a vulnerability for which there is, apparently, no good fix.

They called out two routers in particular, the R6400 and R7000, but while Netgear has been very quiet about it, they did post a security update on Sunday saying that the R8000  is also vulnerable and others may be vulnerable too.

All that is required to take over the router is to get the owner to visit a specially crafted web page and the attacker will own the router.

If the attacker is inside your network – for example after a phishing attack – then the attacker can issue a command similar to this:

http://<router-ip>/cgi-bin/;COMMAND

and again, can take over the router.

Carnegie Mellon suggests that you can disable the web interface – making the router unmanageable by a hacker – and also unmanageable by you.

The alternative, CMU says, is to take your router outside, run it over with your car a few times to get rid of your frustrations and buy a new router.

For whatever reason, CMU says that they are unaware of a practical solution to this problem.

Think about that.  Apparently the problem is so hard to fix for whatever reason that they are recommending replacing the router.

The fact that Netgear is being so quiet about it would tend to indicate that this is not something that is easily patchable for whatever reason.

What seems possible here is for the attacker, after he or she gets control of it, to use your router and your Internet bandwidth to attack other websites.

Sooooooo,

If you have a Netgear router at your home or office, it sounds like the smart thing to do would be to replace it with a different brand,

Talk about reputational damage.  Holy router hack Batman.

Information for this post came from ZDNet and CERT.

by