Netgear R7000 and R6400 and possibly other models may be vulnerable to Injection attacks, which can be exploited by remote attackers to run malicious scripts with Root privileges.
The Carnegie Mellon University CER disclosed this critical bug (Vulnerability Note VU#582384) with the two popular Netgear Models.
Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability.
This can be done simply by convincing the user to visit the crafted website and from that point remote attacker can able to trigger the attack by executing arbitrary commands with root privileges on affected routers.
An attacker connected through LAN may do the same by issuing a direct request, e.g. by visiting:
http:///cgi-bin/;COMMAND More than that this exploit code has been disclosed publically.
This vulnerability has been confirmed in the R7000 and R6400 models. Community reports also indicate the R8000, firmware version 1.0.3.4_1.1.2, is vulnerable. Other models may also be affected.
At this time there is no available fix to this problem and CERT/CC recommends “consider stop using until a fix released”.
Pathfinder AI expands Hunters' vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and…
A recent technical study conducted by researchers at Trinity College Dublin has revealed that Google…
In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in a…
Microsoft has introduced a series of technical recommendations to bolster the security of Virtualization-Based Security…
A sophisticated cyber espionage campaign targeting the aviation and satellite communications sectors in the United…
Microsoft has announced the removal of the Data Encryption Standard (DES) encryption algorithm from Kerberos…