If you are using Netgear routers at home or in your office network, you need to be aware of the latest security issue. Netgear has confirmed that there are three router lines that may have these security issue:
• R6400
• R7000
• R8000 series
It has not been confirmed at this time whether the R7000P, R7500, R7800, R8500 or R9000 models are vulnerable, as well. This new flaw was discovered by a team at CERT, a federally funded agency that investigates software vulnerabilities and coordinates industry responses.
A few interesting items to note about this vulnerability include that it requires action on the user's part to expose the router to the risk. Meaning that it is not automatic. In order for your router to be exposed to this risk, you must click on a specially crafted corrupted link. There are a couple of interesting things to note about this particular vulnerability. It does require action on your part to expose the router to risk. Specifically, you’ve got to click on a corrupted link. When this is done, a root-level command will be sent to the router. This root-level command will essentially take it over and hand it to the hackers to do as they please with it.
One of the possible outcomes is that the hackers will use this access to intercept traffic. This intercept, of course, could include passwords, credit card numbers, secure banking information, and anything else that you do on your network. Since a router can act as a gateway to a network, it means that once it is under they're control, they could have access to everything.
The flaw that was discovered by CERT is so severe that Netgear is recommending that owners of the routers in question simply unplug it until the firmware can be upgraded. However, a stable firmware upgrade is not readily available but Netgear has moved quickly to make available a beta (test) release of the firmware patch. We recommend applying this beta patch immediately if you use their routers and it is available from Netgear's site. If you own any of the three affected models listed above, you should update immediately and continue checking Netgear’s website to ensure that none of their other models have been impacted.
This latest flaw underscores just how vulnerable digital systems are. It doesn’t matter how much you’ve spent on network security; a flaw like this can make it impossible to protect your company or personal data.
If you’re concerned about this and other issues of digital security, contact us today. One of our knowledgeable team members will be happy to work with you to help ensure your protection is as robust as it can be.
