Netgear Routers Remote Command Injection Vulnerability

Last Update Date: 12 Dec 2016 10:41 Release Date: 12 Dec 2016 4046 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability was identified in Netgear R7000 and R6400 routers, A remote user can cause arbitrary command to be executed on the target user's system.

 
Note: No official solution is currently available

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

R7000

  • Firmware version 1.0.7.2_1.1.93 and earlier
R6400
  • Firmware version 1.0.1.6_1.0.4 and earlier

Solutions

  • No official solution is currently available.
  • Workaround:
Temporarily disable web server by the following URL:
http://<router_IP>/cgi-bin/;killall$IFS'httpd'
 
Note: after performing this step, your router's web administration page will not be available until the device is restarted. Please read Bas' Blog for more details.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Microsoft Remote Desktop Client for Mac Remote Code Execution Vulnerability

9 Dec 2016 4357 Views

Next

Adobe Monthly Security Update (Dec 2016)

14 Dec 2016 4375 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY