Topic: US-CERT: Stop using your remotely exploitable Netgear routers

[nincehelser]

http://www.networkworld.com/article/3148771/security/us-cert-stop-using-your-remotely-exploitable-netgear-routers.html

Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability. By convincing a user to visit a specially crafted web site, a remote attacker may execute arbitrary commands with root privileges on affected routers.

…

This vulnerability has been confirmed in the R7000 and R6400 models. Community reports also indicate the R8000, firmware version 1.0.3.4_1.1.2, is vulnerable. Other models may also be affected.

[ValentineWeather]

Netgear acknowledges but still no update. http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic

[BigOkie]

Not intending this to be a 'rip Netgear' thread but a Netgear was the very first router I bought back in the early 2000s.  I dumped it pretty quickly for one of the Linksys Blue Bricks and stayed with Linksys for a while until I now use the Asus routers which are top notch.

[ValentineWeather]

Patch is out just updated my R7000.