There’s a flaw in the firmware of some Netgear routers – specifically models R7000, 6400, R8000 – leaving them open to remote access by a third party using code that is publicly available online.
Netgear says it is aware of, and is currently investigating, the security issue.
Details of the The vulnerability were first posted by CERT, and Netgear quickly released a statement that reads as follows:
Netgear has recently become aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbitrary commands which are then executed by the system.
The following products might be vulnerable:
R7000
R6400
R8000NETGEAR is investigating and will update this article once we have more information.
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR’s mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
Netgear goes on to say if you have any security concerns, to contact them directly at security@netgear.com
We will continue to update this story as it develops.