It's not a good time for Netgear. There are several reports that at least three versions of Netgear routers are vulnerable to a flaw that allows an attacker to gain root access (administrator access for you non-Unix readers) on the device and remotely run malicious code. CERT (Computer Emergency Response Team) has issued an advisory stating, "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available." Netgear R8000, R7000, R6400 routers and possible other models, CERT said, are vulnerable. The R7000 routers running firmware version 22.214.171.124_1.1.93 and R6400 devices running firmware version 126.96.36.199_1.0.4 and possibly earlier are vulnerable to the same command injection attack, CERT said.
A security researcher named Kalypto Pink also conducted tests and identified additional models vulnerable to the attack.
- NetGear AC1750-Smart WiFi Router (Model R6400)
- NetGear AC1900-Nighthawk Smart WiFi Router (Model R7000)
- NetGear AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
- NetGear AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
- NetGear AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)
- NetGear AC3200-Nighthawk AC3200 Tri-Band WiFi Router (Model R8000)
- NetGear AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
- NetGear AD7200-Nighthawk X10 Smart WiFi Router (Model R9000)
If you must continue to use an impacted router, the web management interface should be disabled. If you are still unsure if your router is impacted, Kalypto Pink has instructions to test your specific device.