Now you can fix your Netgear router vulnerability with firmware update

A few days back we talked about a serious security vulnerability in some of the popular Netgear routers. This security flaw allowed nefarious users to use unauthenticated web pages to pass form input directly to the command-line interface. That gave the potential for a remote attacker to inject arbitrary commands that could be executed by the system.

Netgear has officially confirmed the security flaw and has tested and found that the following products are vulnerable to the security flaw: R6250, R6400, R6700,, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400. Netgear says that it is working on a production firmware that will fix the command injection vulnerability and will release that firmware ASAP.

In the meantime there is a beta firmware that users can download ahead of the full production version being released. Netgear notes that as a beta firmware it hasn't been fully tested and may not work for some users. Each of the models listed above has a download link to get the beta firmware at the source below.

Netgear also says that it is continuing to review all of its products to determine if any others are vulnerable to this attack. Any other devices found to suffer from the vulnerability will be patched ASAP. This vulnerability was first discovered by CERT and it told users to stop using the products if possible because the vulnerability was easy to exploit and needed only to send users to a malicious website.

SOURCE: Netgear