The DHS-sponsored CERT/CC at Carnegie Mellon University went to so far as to caution users to discontinue using the affected routers until updated firmware was made available. “If any other routers are affected by the same security vulnerability, we plan to release firmware to fix those as well.” “NETGEAR is continuing to review our entire portfolio for other routers that might be affected by this vulnerability,” the vendor said in its advisory.
Beta firmware, Netgear said, is available for the R6250, R6400, R6700, R7000 and R8000 models. Netgear, meanwhile, today posted a similar list of products it has tested and confirmed vulnerable: R6250 R6400 R6700 R7000 R7100LG R7300 R7900 R8000. In the original public disclosure, only two Nighthawk router versions were deemed vulnerable, but a researcher known as Kalypto Pink tested additional models and found a long list of vulnerable routers: the R6400 R7000 R7000P R7500 R7800 R8000 R8500 and R9000.
#NETGEAR R8500 FIRMWARE FULL#
“An attack could be a full takeover of the router, and the attacker could do anything.” “This is very trivial because the attacker does not even need a special tool or anything of that nature all they need is a web browser,” AceW0rm told Threatpost.
#NETGEAR R8500 FIRMWARE DOWNLOAD#
“NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.”Ī researcher who goes by the handle of AceW0rm said he disclosed the vulnerability in August, and that the report was never acknowledged by Netgear, therefore he decided to go public on Friday. This beta firmware has not been fully tested and might not work for all users,” Netgear said an advisory updated today.
“While we are working on the production version of the firmware, we are providing a beta version of this firmware release. The flaw allows attackers to carry out command injection attacks, and are reportedly trivial to exploit. The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week.
0 kommentar(er)
