cancel
Showing results for 
Search instead for 
Did you mean: 

Netgear advises users to use another router! (Security Vulnerability exposed)

Gel
Seasoned Pro
Posts: 1,592
Thanks: 163
Fixes: 14
Registered: 02-08-2007
2 REPLIES
LukeAger
Grafter
Posts: 121
Thanks: 5
Registered: 15-02-2012

Re: Netgear advises users to use another router! (Security Vulnerability exposed)

I don't think Netgear advised people to use other routers. At least I have not seen that anywhere. I did see the CERT who identified this vulnerability published a fix for this using the actual vulnerability exploit which is http://<router_IP>/cgi-bin/;killall$IFS'httpd'. This has to be the first time an exploit has been used to mitigate a vulnerability as far as I am aware. 

Netgear have now published updates for all the impacted models and so it's really not so big of an issue. The infosec world made a huge deal out of this when it really still pales in comparison to the damage that can be done using simple msOffice macro documents. To exploit this, an attacker would need to either be inside the LAN, or socially engineer someone into clicking a link which executed a command inside the victims LAN, but to do this, the attacker would already have to know what router the target was using. 
I watched this closely as i have one of these models Cheesy (patched) 

VileReynard
Seasoned Pro
Posts: 10,999
Thanks: 265
Fixes: 11
Registered: 01-09-2007

Re: Netgear advises users to use another router! (Security Vulnerability exposed)

Me too. Will do the firmware thing tonight.