US-CERT Advisory: Stop Using Your NETGEAR Router Right Now
We hope it isn’t a bad time to tell you this, but you may have to shut down your NETGEAR router ASAP. Why you ask? As it turns out, many of these popular routers are susceptible to “trivial” cyber attacks. Simply open a malware-infested website and your home Wi-Fi network could easily be hijacked by one nasty ransomware or two.
The routers are shockingly so defenseless that US-CERT (Computer Emergency Readiness Team) from the Department of Homeland Security posted a vulnerability advisory for it. At the moment, NETGEAR has been releasing new firmware to fix the issue. Upon closer inspection, however, it’s clear that the company still has a lot of ground to cover at this point.
Which NETGEAR Routers are Vulnerable?
Initially, US-CERT advised that routers R6400 (NETGEAR®AC1750-Smart WiFi Router) and R7000 (NETGEAR® AC1900-Nighthawk Smart WiFi Router) were deemed vulnerable. Later on, they included the model R8000 (NETGEAR® AC3200-Nighthawk AC3200 Tri-Band WiFi Router) in their advisory. Sadly, the list didn’t just end with the three.
As security experts investigated the routers, they discovered that the security flaw was present in several other models. Here is the most complete list of possibly affected NETGEAR routers we’ve seen so far:
It’s feared that the vulnerability could be more widespread than initially anticipated since many NETGEAR® routers run on the same firmware. You may have to run a test on your NETGEAR® router to be sure that it isn’t among them.
How Do I Test if My NETGEAR Router is Susceptible?
A simple yet harmless test can be done to see if your current NETGEAR router is susceptible. Just open a web browser while you’re connected to the Internet through your router and type the following command:
Take note that the “[RouterIP]” above should be substituted by your router’s IP address. To know your router’s local IP address, here’s a helpful guide. Or you could try this simpler command:
Whichever command you choose, your router SHOULD NOT reboot. If it does, you have to immediately unplug the device because it’s apparently vulnerable to remote infiltration. What comes next may be the most uncomfortable part of the process: waiting for NETGEAR to resolve the problem.
Is NETGEAR Taking Immediate Action on This?
Yes, the company is working on a fix as we speak. In fact, they’ve already released a few, new firmware for some router models. Sadly, the company admits that they have known about the security flaw since August, yet they have provided no details on the actions they took since then.
Can I Temporarily Protect My NETGEAR Router from Imminent Attacks?
Luckily, you can. It’s an unofficial workaround, but it should disable any attempts at infiltration. What it does is disable the router’s administration web interface completely. Consequently, you won’t be able to open ports or change WiFi passwords for the meantime. On the upside, hackers can’t exploit the only channel that allows them to infiltrate your network in the first place.
To begin, open an Internet browser and just type EITHER of these two:
These commands will disable the NETGEAR RouterLogin administrative software, subsequently. Again, this option takes away your administrative powers up until you physically reboot the router. Theoretically speaking, this temporary workaround shouldn’t affect your router’s ability to connect you to the Web.
You may, alternatively, dust off that old router you’ve kept in favor of the more powerful NETGEAR equipment and get them working. We’re hoping, though, that it doesn’t have the label NETGEAR on it.
Don’t ever think lightly of vulnerabilities, such as those of NETGEAR’s routers. With cyber attacks becoming more frequent, vicious, and cunning, you’ll be wise to err on the side of caution by turning off your router right now.