At least two Netgear routers, the R6400 and R7000, are vulnerable to a command injection flaw that is easy to exploit and could lead to the total takeover of the routers. This was disclosed yesterday, December 9th, and there has, as yet, been no response from Netgear.

Documentation on the flaw, so far, has been poor. Most importantly, it’s not clear, to me at least, whether the vulnerability can be exploited remotely, from the LAN side of the router or both. If it is locally exploitable, then using a non-standard IP address for the router should offer some defense. 
