NetGear Vulnerability Expanded

Kalypto • December 11, 2016

A vulnerability was discovered in some NetGear routers that allows remote command execution by visiting a malicious site or a legitimate site that has malicious ads served to it via AdSense or any number of other ad services.

The vulnerability allows execution of Linux commands by simply appending the command to a URL.  The commands execute with root privileges (god mode for not tech people).  This can be used to pop a telnet session, FTP, command your router to attack other computers, or pretty much anything else the malicious user wants to do.

As of the writing of this article, there has been no official patches released by NetGear and most news organizations reporting on this vulnerability are giving incorrect information.  Most have stated that only the R7000 and R6400 are vulnerable.  THIS IS INCORRECT.  I have tested all models below, with the exception of the R9000, and have found them to be vulnerable.

If you are running any of the following routers, please check if your router is vulnerable by following the directions below.  If you are vulnerable, please discontinue use until NetGear releases a patch.

• NetGear AC1750-Smart WiFi Router (Model R6400)
• NetGear AC1900-Nighthawk Smart WiFi Router (Model R7000)
• NetGear AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
• NetGear AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
• NetGear AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)
• NetGear AC3200-Nighthawk AC3200 Tri-Band WiFi Router (Model R8000)
• NetGear AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
• NetGear AD7200-Nighthawk X10 Smart WiFi Router (R9000)