With exploit code publicly available and details of the vulnerability widely known, Netgear has released a beta version of new firmware to fix a bug in several of its routers that attackers can use to execute arbitrary code on the devices.
The Netgear router vulnerability affects several of the company’s home router models, including the R6250, R6400, R6700, and many others. Attackers can exploit the vulnerability by tricking users into clicking on a malicious link. Researchers at the CERT/CC at Carnegie Mellon University disclosed the vulnerability a few days ago and there is exploit code available for the bug. Netgear officials said the company is developing a full firmware update to fix the flaw, but in the meantime it has released a beta update for some of the vulnerable models.
“While we are working on the production version of the firmware, we are providing a beta version of this firmware release. This beta firmware has not been fully tested and might not work for all users. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available,” the company said in its advisory.
The quick release of the beta update is a clear indication of the seriousness of the vulnerability and the high potential for users to be compromised. Netgear hasn’t said when the final updated firmware for the affected routers will be available, and said it is still trying to determine if any other devices are vulnerable.
“NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability. If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well,” the company said.
Image: Kristy MacPherson, CC By-SA license.