- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Owners of Netgear R8000(X6), R7000(Nighthawk) or R6400 wifi routers, please read
Posted on 12/12/16 at 9:19 am
Posted on 12/12/16 at 9:19 am
quote:
Bad news for consumers with Netgear routers: Two popular Netgear routers are vulnerable to a critical security bug that could allow attackers to run malicious code with root privileges.
Netgear's R7000 and R6400 routers, running current and latest versions of firmware, are vulnerable to arbitrary command injection attacks, though the number of users affected by the flaw is still unclear.
In an advisory published on Friday in Carnegie Mellon University's public vulnerability database (CERT), security researchers said that all an attacker needs to do is trick a victim into visiting a website that contains specially crafted malicious code to exploit the flaw.
As soon as the victim lands on the page, the malicious commands would execute automatically with root privileges on affected routers.
A working exploit leveraging the vulnerability has also been publicly released so that anyone can carry out attacks against the vulnerable routers.
Researchers warned that other router models might also be affected by the vulnerability, advising Netgear users to stop using the routers until a patch is released.
quote:
A working exploit leveraging the vulnerability has also been publicly released so that anyone can carry out attacks against the vulnerable routers.
Researchers warned that other router models might also be affected by the vulnerability, advising Netgear users to stop using the routers until a patch is released.
Your router could be compromised with no fixed release date for a patch. So, CERT strongly recommended Netgear users to "consider discontinuing use" of the affected routers until a patch is made available.
Hackers are increasingly targeting insecure, vulnerable routers with the purpose of making them part of nasty IoT botnets that are used to launch massive distributed denial-of-service (DDoS) attacks to knock online services offline.
Over a month ago, we saw Mirai Botnet taking entire Internet offline for few hours just by launching DDoS attacks (came from insecure IoT devices) against Dyn DNS service that crippled some of the world's biggest and most popular websites.
Just last week, nearly 1 Million users in Germany were also deprived of telephony, television, and Internet service after a supposed cyber-attack hijacked home broadband routers belonging to Deutsche Telekom.
Link to full article on The Hacking News
I own a Netgear R7000 ad I've been looking for a reason to buy a new router. I've been looking to getting either an Asus AC3100, Asus AC5300 (if I really want to go overboard) or a Netgear X6-AC3200.
Anyways, thought I would pass this along to the other owners of the Netgear R7000 or R6400 on this board.
ETA: Will be posting updates to OP as I or others find information (bear with me, I'm working from my phone because I forgot to pay my internet bill... good thing I guess? )
Update 1:
***Temporary Fix***
Currently known impacted Routers:
- Netgear R6400 "?" (AC1750)
- Netgear R7000 "Nighthawk" (AC1900)
- Netgear R8000 "X6" (AC3200)
Security Advisory from Netgear.com
CERT Vulnerability Report (linked in article)
Exploit Database entry (linked in article)
This post was edited on 12/12/16 at 6:14 pm
Posted on 12/12/16 at 9:46 am to drewnbrla
Following.
I just bought (on Saturday) a Netgear R7000.
I just bought (on Saturday) a Netgear R7000.
Posted on 12/12/16 at 10:02 am to Will Cover
That sucks man. Talk about bad timing
Did you keep the receipt? If so, go exchange it.
Did you keep the receipt? If so, go exchange it.
Posted on 12/12/16 at 10:23 am to Will Cover
I have the R7000 as well but do not have a computer hooked to it. Only use wifi for smart phones and gaming consoles and streaming media devices
LINK
LINK
Posted on 12/12/16 at 10:41 am to drewnbrla
well damn. I recommend the R7000 to everyone. I don't use it as my primary router anymore because it can't handle 1Gb WAN to LAN, but I have it hooked up as a VPN server. Guess I will need to pull it for now.
Posted on 12/12/16 at 10:55 am to meauxjeaux2
quote:
I have the R7000 as well but do not have a computer hooked to it. Only use wifi for smart phones and gaming consoles and streaming media devices
Is the vulnerability limited to computers or can it be exploited by smart phones as well?
Posted on 12/12/16 at 10:56 am to Layabout
i'd like some clarification on this as well.
Posted on 12/12/16 at 11:31 am to meauxjeaux2
I'm not sure. Neither the article or the cited links provide any insight into this. One would think they would have included this sort of information but obviously they didn't. The article suggests removal of the router all together (i.e. Use a different router) until the vulnerability is patched.
Posted on 12/12/16 at 11:55 am to drewnbrla
X4 here. Hopefully it's not affected.
Posted on 12/12/16 at 12:19 pm to SATNIGHTS
You appear to be ok (keyword appear). Although don't be surprised if the X4 (R7500) is added to the list in the near future because in the link posted by meaux, this exploit includes the X6 (R8000) router so that model is out for me. Guess it's Asus or bust for me at the moment.
Posted on 12/12/16 at 12:25 pm to drewnbrla
quote:
security researchers said that all an attacker needs to do is trick a victim into visiting a website that contains specially crafted malicious code to exploit the flaw
So don't watch porn until they get the patch. Easy enough.
Posted on 12/12/16 at 12:30 pm to TeddyPadillac
quote:
So don't watch porn until they get the patch. Easy enough.
I can't fap to this.
Posted on 12/12/16 at 1:21 pm to drewnbrla
I have a R6700 Costco model. I wonder if this effects it.
Posted on 12/12/16 at 1:27 pm to Hu_Flung_Pu
To be honest, If you have a Netgear router, I'd pull it for the time being. It sucks but you don't want to take any chances.
Posted on 12/12/16 at 1:40 pm to drewnbrla
I'm unclear on what is going on with it. If I don't go to sketchy sites does it matter? I hardly use my computer on that router anyway. It's mainly for FireTV/Kodi and phones
Posted on 12/12/16 at 2:51 pm to drewnbrla
So if I flash Tomato to it, which I plan on doing anyway, will that fix the problem?
Posted on 12/12/16 at 3:02 pm to Zappas Stache
quote:
So if I flash Tomato to it, which I plan on doing anyway, will that fix the problem?
I would think so because I think this is a firmware issue and not a hardware issue but I'm not 100% sure. I plan on flashing mine with either Tomato or DD-WRT regardless.
Posted on 12/12/16 at 6:11 pm to Hogkiller10
Nice fricking find! Will it's temporary, it's better than nothing!
Popular
Back to top
Follow TigerDroppings for LSU Football News