Netgear's wireless LAN router was discovered vulnerability arbitrarily executed code remotely, experts strongly recommend discontinue use

Netgear's wireless LAN router was found to be vulnerable to external code execution. Organization studying American Internet securityCERT Coordination Center (CERT / CC)I want users to stop using it.

Vulnerability Note VU # 582384 - Multiple Netgear routers are vulnerable to arbitrary command injection
https://www.kb.cert.org/vuls/id/582384

CERT Warns Users to Stop Using Two Netgear Router Models Due to Security Flaw
https://www.bleepingcomputer.com/news/security/cert-warns-users-to-stop-using-two-netgear-router-models-due-to-security-flaw/

CERT asked for discontinuation of two models, Netgear's wireless LAN routers "R7000" and "R6400". this houseR7000 (R7000-100JPS)Is also being sold in Japan, becoming a popular router as a low-cost and high-performance model.


According to CERT, for R7000 with firmware version 1.0.7.2_1.1.93 or earlier and R6400 with firmware version 1.0.1.6_1.0.4 or earlier, by accessing a specific website, the attacker can issue arbitrary commands from the outside It can be executed. Specifically, if you take a URL like "http: // (router's IP address) / cgi-bin /; COMMAND", any command will be executed on the router with root privilege. In addition, it is pointed out that an attacker could make it difficult to detect attacks by using shortened URLs, and that similar attacks are possible using direct requests even via the local network.

CERT has a high score of "9.3" (maximum 10 points) based on CVSS metrics about the risk of this vulnerability, while raising a countermeasure such as invalidating the Web server function, the user is Netgear We recommend that you refrain from using the wireless LAN router until the fix update is released.

In addition, the bulletin board reddit has been pointed out that "R 8000" is also affected in addition to R 7000 · R 6400 which vulnerability was pointed out by CERT.

Comment that noxlator completed about Netgear R 7000 and R 6400 routers are vulnerable to arbitrary command injection
https://www.reddit.com/r/netsec/comments/5hfkc2/netgear_r7000_and_r6400_routers_are_vulnerable_to/db00717/