Netgear noted that several of their routers have a command injection Vulnerability issue where an attacker can use a phishing method to gain control of your router.
From the vulnerability Notes Database:
R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 contain an unauthenticated command injection vulnerability that may be executed directly or via cross-domain requests. Known affected firmware versions include Netgear R7000 version 18.104.22.168_1.1.93, R6400 version 22.214.171.124_1.0.11, and R8000 version 126.96.36.199_1.1.2. Earlier versions may also be affected. The command injection vulnerability has been assigned CVE-2016-6277.
By convincing a user to visit a specially crafted web site, a remote, unauthenticated attacker may execute arbitrary commands with root privileges on affected routers. An unauthenticated, LAN-based attacker may do the same by issuing a direct request, e.g. by visiting: http:///cgi-bin/;COMMAND
How do I know if I’m affected?
You can verify that your router is affected by going to this URL:
If a web page appears (which is not an error): you’re vulnerable.
How do I fix it?
Depending on which router you have, you’ll need to download a different firmware. All products followed by a single asterisk (*) have beta firmware fixes available. All products followed by three asterisks (***) have production firmware fixes available. You’ll find the download and instructions over on Netgear’s support pages, just click the link for your model:
- R6250 ***
- R6400 ***
- R7000 ***
- R8000 ***
- R6700 *
- R6900 *
- R7100LG *
- R7300DST *
- R7900 *
- D6220 *
- D6400 *
On mine, because I was not affected; I simply went to the Upgrade page and let it do it’s thing…
- Log in to the router using a Web browser. Or as per Netgear, you can just go to http://www.routerlogin.net.
- Click the check button and then apply the update.
Let your router reboot and you’ll be all set.