Researchers have discovered a bug in Netgear routers that allows attackers to take control of them very easily.
The router is the first line of defense against hackers; it is the bridge that connects our private network to the Internet, and as such its security is of vital importance.
This is why the news that several Netgear routers have a bug that leaves the door open to attackers is so serious. In fact, some security experts have even reacted by advising users to stop using the brand's routers.
A vulnerability that leaves the doors of our router open
All it takes is for the user of any device connected to the router to click a malicious link. The device only needs to be on the same network, so that the request goes through the router on its way to the Internet.
The link looks normal, but it actually injects a command that the router executes with root permissions; root is the most powerful user on the system, so gaining access to it means that the attacker can do whatever they want with the device.
The problem is that the router does not filter the content of the HTTP requests it receives; this allows an attacker to include commands within the link itself, which are executed by the router.
The severity of this bug is very high, according to experts. It allows commands to be executed without entering the router password, and it even works if we have not activated remote management.
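How an unfiltered request path becomes a second shell command, and an allow-list check that stops it, as an added example in C that is not Netgear's firmware code. The function names, the `/www/cgi-bin/` directory and the assumption that the path is pasted into a shell command line are hypothetical, chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CGI_PREFIX "/cgi-bin/"

/* Hypothetical 'before': the text after /cgi-bin/ is pasted into a shell
 * command line unfiltered. Returns 0 and writes the string a shell would
 * receive; the string is only built here, never executed. */
int build_command_unfiltered(const char *path, char *out, size_t n)
{
    if (strncmp(path, CGI_PREFIX, strlen(CGI_PREFIX)) != 0)
        return -1;
    int len = snprintf(out, n, "/www/cgi-bin/%s", path + strlen(CGI_PREFIX));
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* 'After': accept only a plain script name made of letters, digits,
 * '.', '_' and '-'. Shell metacharacters such as ';' and '$' (and so
 * "$IFS"), '/', whitespace, leading dots and empty names are rejected. */
int cgi_name_is_safe(const char *path)
{
    if (strncmp(path, CGI_PREFIX, strlen(CGI_PREFIX)) != 0)
        return 0;
    const char *name = path + strlen(CGI_PREFIX);
    if (*name == '\0' || *name == '.' || strlen(name) > 64)
        return 0;
    for (const char *p = name; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed inputs: the page's test request and a normal script name. */
    const char *samples[] = { "/cgi-bin/;uname$IFS-a", "/cgi-bin/status.cgi" };
    char cmd[128];
    for (size_t i = 0; i < 2; i++) {
        build_command_unfiltered(samples[i], cmd, sizeof cmd);
        printf("%-24s -> shell sees: %-28s safe=%d\n",
               samples[i], cmd, cgi_name_is_safe(samples[i]));
    }
    return 0;
}
```

In the unfiltered string the `;` ends the first command and `$IFS` expands to whitespace, so a shell would read `uname -a` as a separate command; the allow-list rejects the request before any command line is built.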
How to know if we have the bug in Netgear routers
Netgear has confirmed that the vulnerability affects the following routers.
To find out if our router is affected by the vulnerability, we only have to open a new tab and enter the following URL.
http://[address]/cgi-bin/;uname$IFS-a
Where [address] is the IP address of the router. It is usually 192.168.1.1, but it may be different depending on the network. For example.
If a 404 message, an error or a blank page appears, our router is not vulnerable. If anything else appears, such as router information, it is vulnerable.
Temporary bug fix on Netgear routers
Netgear has not released any patches yet, but it is possible to plug the hole temporarily. The interesting thing is that to do so we have to use the hole ourselves, to shut down the web server that receives the commands.
To do this, we enter this address:
http://[address]/cgi-bin/;killall$IFS'httpd'
Where [address] is the IP address of the router. This command shuts down the web server, but the server starts again as soon as we restart the router; therefore it is only a temporary solution.
Update: Netgear has just released the first patches for the R6400, R7000 and R8000 models. These patches are in beta and have not been tested, but if the matter is urgent we can use them.