Netgear has detailed a new security vulnerability in three of its Nighthawk routers, and leaving that vulnerability unchecked may lead to some particularly nasty consequences for users. The vulnerability affects Nighthawk R6400, R7000, and R8000 routers, and could potentially allow attackers to inject arbitrary commands that are then carried out by the system. For the moment, Netgear hasn’t offered a fix for the issue.
That puts users in something of a difficult spot. Since these vulnerabilities are now well known, an attacker only needs to lure users to a malicious website to carry out command injection. Until a fix is issued by Netgear, vigilance will be key when browsing the internet.
The folks over at CERT first notified users of the firmware vulnerability, and their suggested solution takes things one step further. CERT recommends that users with affected routers stop using them immediately, and resist using them until Netgear has issued a fix. Obviously, that’s a pain which only serves to make the Monday morning blues worse, but considering CERT says that exploiting this vulnerability is trivial, those who can stop using the affected routers should definitely do so.
For now, Netgear only says that it’s investigating the issue and will update users when it has more to share. The R6400 and R7000 are two of the more budget-minded Nighthawk offerings, so there could be a lot of people out there who are affected by this vulnerability. There’s no word yet on when a fix will arrive, but for something as serious and easily exploitable as this, you have to imagine that Netgear will try to get a patch out the door quickly.
We’ll keep an eye out for such a patch, but for now, try to avoid using one of these routers if you can help it. If you can’t avoid it, then make sure you’re only clicking links from sites you know are reputable. More information on the vulnerability can be found through the source link below.