On December 9, 2016 we first learned of a command injection vulnerability in some Netgear routers. In the worst case, simply viewing a malicious web page could result in your router being hacked. What follows is a recap and expansion of the issue, along with the latest developments. Then, some Defensive Computing suggestions for protecting a router.
Netgear is communicating via their Security Advisory for VU 582384. It has been updated many times since it was initially published and should have the latest information.
To date, the company has confirmed that 11 router models are vulnerable. You might think that enough time has passed for this list to be final, but the advisory still says “NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability.”