US-CERT Advisory: Stop Using Your NETGEAR Router Right Now

We hope it isn’t a bad time to tell you this, but you may have to shut down your NETGEAR router ASAP. Why you ask? As it turns out, many of these popular routers are susceptible to “trivial” cyber attacks. Simply open a malware-infested website and your home Wi-Fi network could easily be hijacked by one nasty ransomware or two.

The routers are shockingly so defenseless that US-CERT (Computer Emergency Readiness Team) from the Department of Homeland Security posted a vulnerability advisory for it. At the moment, NETGEAR has been releasing new firmware to fix the issue. Upon closer inspection, however, it’s clear that the company still has a lot of ground to cover at this point.

 

Which NETGEAR Routers are Vulnerable?

Initially, US-CERT advised that routers R6400 (NETGEAR®AC1750-Smart WiFi Router) and R7000 (NETGEAR® AC1900-Nighthawk Smart WiFi Router) were deemed vulnerable. Later on, they included the model R8000 (NETGEAR® AC3200-Nighthawk AC3200 Tri-Band WiFi Router) in their advisory. Sadly, the list didn’t just end with the three.

As security experts investigated the routers, they discovered that the security flaw was present in several other models. Here is the most complete list of possibly affected NETGEAR routers we’ve seen so far:

 

  • NETGEAR® AC1600 Smart WiFi Router (Model R6250)
  • NETGEAR® AC1750-Smart WiFi Router (Model R6400)
  • NETGEAR® Nighthawk AC1750 Smart WiFi Router (Model R6700)
  • NETGEAR® AC1900-Nighthawk Smart WiFi Router (Model R7000)
  • NETGEAR® AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
  • NETGEAR® Nighthawk AC1900 Modem Router (Model R7100LG)
  • NETGEAR® Nighthawk DST 1900 Dual-Band Wi-Fi Router (Model R7300)
  • NETGEAR® AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
  • NETGEAR® AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)
  • NETGEAR® Nighthawk AC3000 X6 Tri-Band Wi-Fi Router (Model R7900)
  • NETGEAR® AC3200-Nighthawk AC3200 Tri-Band WiFi Router (Model R8000)
  • NETGEAR® AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
  • NETGEAR® AD7200-Nighthawk X10 Smart WiFi Router (Model R9000)

 

It’s feared that the vulnerability could be more widespread than initially anticipated since many NETGEAR® routers run on the same firmware. You may have to run a test on your NETGEAR® router to be sure that it isn’t among them.

 

How Do I Test if My NETGEAR Router is Susceptible?

A simple yet harmless test can be done to see if your current NETGEAR router is susceptible. Just open a web browser while you’re connected to the Internet through your router and type the following command:

http://[RouterIP]/cgi-bin/;REBOOT

Take note that the “[RouterIP]” above should be substituted by your router’s IP address. To know your router’s local IP address, here’s a helpful guide. Or you could try this simpler command:

http://www.routerlogin.net/cgi-bin/;REBOOT

Whichever command you choose, your router SHOULD NOT reboot. If it does, you have to immediately unplug the device because it’s apparently vulnerable to remote infiltration. What comes next may be the most uncomfortable part of the process: waiting for NETGEAR to resolve the problem.

 

Is NETGEAR Taking Immediate Action on This?

Yes, the company is working on a fix as we speak. In fact, they’ve already released a few, new firmware for some router models. Sadly, the company admits that they have known about the security flaw since August, yet they have provided no details on the actions they took since then.

 

Can I Temporarily Protect My NETGEAR Router from Imminent Attacks?

Luckily, you can. It’s an unofficial workaround, but it should disable any attempts at infiltration. What it does is disable the router’s administration web interface completely. Consequently, you won’t be able to open ports or change WiFi passwords for the meantime. On the upside, hackers can’t exploit the only channel that allows them to infiltrate your network in the first place.

To begin, open an Internet browser and just type EITHER of these two:

http://[RouterIP]/cgi-bin/;killall$IFS’httpd’

http://www.routerlogin.net/cgi-bin/;killall$IFS’httpd’

These commands will disable the NETGEAR RouterLogin administrative software, subsequently. Again, this option takes away your administrative powers up until you physically reboot the router. Theoretically speaking, this temporary workaround shouldn’t affect your router’s ability to connect you to the Web.

You may, alternatively, dust off that old router you’ve kept in favor of the more powerful NETGEAR equipment and get them working. We’re hoping, though, that it doesn’t have the label NETGEAR on it.

 

 

Don’t ever think lightly of vulnerabilities, such as those of NETGEAR’s routers. With cyber attacks becoming more frequent, vicious, and cunning, you’ll be wise to err on the side of caution by turning off your router right now.

Related Posts

Latest Posts

Want to stay up to date
with the latest tech news?