
A recently discovered vulnerability in the Nighthawk series of Netgear routers allows remote attackers to compromise the router and the victim’s network.
This vulnerability can be exploited when the victim visits a web page with malicious code. The exploit for this vulnerability has already been made public, documenting how an attacker may execute administrator-level commands on the router. One example is remotely opening a Telnet session on the router, providing a command-line interface to further attack the victim’s router or network.
The vulnerability has been confirmed to affect R7000, R6400, and R8000 models. Netgear has acknowledged the issue in a recent knowledge base article, but currently does not offer a fix or a workaround. CERT suggests either discontinuing the use of the router until Netgear releases a patch or temporarily disabling the router’s web server using the following URL command (replace <router_IP> with your router’s IP address):
http://<router_IP>/cgi-bin/;killall$IFS'httpd'
The affected web server will remain disabled until the router is restarted.
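Because a restart brings the web server back, the workaround needs re-checking after any reboot or power loss. The following is an added example, not code from CERT, Netgear or the original article: it probes whether anything still answers HTTP on the router, assuming the admin interface listens on TCP port 80 and using 192.168.1.1 as a placeholder address.

```python
import socket
import sys


def httpd_state(host, port=80, timeout=3.0):
    """Classify what is listening on host:port.

    'down' - nothing accepted the TCP connection (refused, timed out or
             unreachable), which is the expected state after the workaround
    'http' - a server answered with an HTTP status line (web server is back)
    'open' - the port accepted the connection but sent no HTTP reply
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "down"
    with sock:
        sock.settimeout(timeout)
        try:
            request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n"
            sock.sendall(request)
            reply = sock.recv(16)
        except OSError:
            return "open"
    return "http" if reply.startswith(b"HTTP/") else "open"


def workaround_in_effect(host, ports=(80,)):
    """True only if every checked port is 'down'.

    The port list is an assumption; add any other port on which the
    router's web interface is configured to listen.
    """
    return all(httpd_state(host, p) == "down" for p in ports)


if __name__ == "__main__":
    # Placeholder address; pass the router's real IP as the first argument.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    if workaround_in_effect(router):
        print(f"{router}: web server not reachable, workaround still in effect")
    else:
        print(f"{router}: web server is answering, router has likely restarted")
        sys.exit(1)
```

A 'down' result also occurs when the router itself is unreachable, so run the check from a host that can otherwise reach it.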
Image credit: Netgear, Inc.