Several Netgear routers are vulnerable to a command injection flaw and can be remotely hijacked, according to an US-CERT advisory.
Exploiting this vulnerability is trivial”, the advisory reads. “By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers.”
The flaw, discovered by a user going by the Twitter handle Acew0rm, affects models R7000 and R6400 running older and current firmware. US-CERT also added the R8000, firmware version 126.96.36.199_1.1.2, on the list of vulnerable devices.
An exploit leveraging this severe vulnerability has been publicly disclosed, enticing hackers to carry out attacks on the vulnerable aforementioned equipment.
Shodan reports some 2600k Internet-facing Netgear R7000 routers and around 800 R6400 routers, in the US only. Most of them are used by telecom/cable companies.
US-CERT advises users to stop using the flawed devices, until a fix becomes available. It also recommends a temporary workaround aimed at disabling the web server until the device is restarted.