Netgear R7000 and R6400 and possibly other models may be vulnerable to Injection attacks, which can be exploited by remote attackers to run malicious scripts with Root privileges.
The Carnegie Mellon University CER disclosed this critical bug (Vulnerability Note VU#582384) with the two popular Netgear Models.
Netgear R7000, firmware version 1.0.7.2_1.1.93 and possibly earlier, and R6400, firmware version 1.0.1.6_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability.
This can be done simply by convincing the user to visit the crafted website and from that point remote attacker can able to trigger the attack by executing arbitrary commands with root privileges on affected routers.
An attacker connected through LAN may do the same by issuing a direct request, e.g. by visiting:
http:///cgi-bin/;COMMAND More than that this exploit code has been disclosed publically.
This vulnerability has been confirmed in the R7000 and R6400 models. Community reports also indicate the R8000, firmware version 1.0.3.4_1.1.2, is vulnerable. Other models may also be affected.
At this time there is no available fix to this problem and CERT/CC recommends “consider stop using until a fix released”.
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…