Connect with us

Hi, what are you looking for?

Netgear user finds vulnerability in router, leaving it open to hackers and other attacks. Patches have been made, but users should still consider unplugging

Movies

Vulnerability Found In Popular Netgear Routers

Netgear user finds vulnerability in router, leaving it open to hackers and other attacks. Patches have been made, but users should still consider unplugging
PopWrapped

Published

A new vulnerability has been found in some popular Netgear routers. If left unpatched and unchecked, “thousands of home networking devices [could be] exposed to full control by hackers” and botnets. Unfortunately, with so many models affected, it’s hard for Netgear to supply fixes for all of them — the ones they’ve handed out so far are tentative at best.

Security Researcher Andrew Rollins (aka Acew0rm) discovered the flaw in August 2016. Unfortunately, Netgear did not respond to his notification, and Rollins later decided to go public with his knowledge. The Department of Homeland Security’s (DHS) CERT group picked up on Rollins’s message and has advised other users to “pull the plug.”

“Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available,” the CERT notice said.

Netgear initially said only three of its products had the vulnerability but later confirmed that eight of its routers (R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, R8000) have been affected by the vulnerability; they “declined to comment on why it’s taking so long to release a production-grade firmware update.”

According to Wired, Netgear released beta patches on Tuesday. Sadly, they may not work for all of the models and have yet to be completely tested.

“Compounding the issue is that Netgear customers have to install the firmware themselves; the company says it has no process in place to push an over-the-air update, and that customers will have to manually install it on their own.”

Advertisement. Scroll to continue reading.

Rollins claims the vulnerability is not that hard to fix and believes Netgear is just dragging their feet on the issue.

“What surprised me most is that Netgear was notified of this vulnerability months ago, but didn’t act,” researcher Bas van Schaik said after he published a temporary fix for the vulnerability on Friday. “Given the significant severity of the vulnerability, I find that as appalling as it is baffling.”

Users who believe their routers have been affected should download a patch immediately. van Schaik’s workaround has been recommended by CERT, but disconnecting the router altogether is another viable option.

Author

In this article:
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommend for You

Movies

Jedward Announces Next Single From Upcoming Album

Irish duo Jedward announced their new single from their upcoming album; a follow-up to the song, 'Free Spirit.'

September 22, 2014

Cher Lloyd to Guest Star on Big Time Rush!

NULL

January 25, 2013

Movies

‘Hatred’ Fuels Hardened Hearts This Week on Revenge

NULL

January 20, 2014

Movies

John Legend’s Beautiful Ballad “All Of Me” To Get A Very Glee-ful Makeover

NULL

April 24, 2014
Advertisement