Remote arbitrary command injection vulnerability exposed in Netgear R7000/R6400 and similar routers; CERT recommends suspending use entirely

2016-12-13T00:00:00
ID MYHACK58:62201682049
Type myhack58
Reporter Anonymous
Modified 2016-12-13T00:00:00

Description

Do you use a Netgear router? You need to be extra careful for now, especially if you own an R7000 or R6400, and users of other Netgear models should be wary too. On Friday the CERT/CC (the US Computer Emergency Response Team Coordination Center) issued a security bulletin advising users to suspend use of both routers, because both contain high-risk vulnerabilities. Other Netgear router models may also be affected; CERT simply has not disclosed them yet.

Note that even with the latest firmware version, the Netgear R7000 and R6400 may still be open to arbitrary command injection by a remote attacker. So far, Netgear has not released a patch.

Affected range:

Netgear R7000 router, firmware version 1.0.7.2_1.1.93 (possibly including earlier versions);
Netgear R6400 router, firmware version 1.0.1.6_1.0.4 (possibly including earlier versions);
According to reports from the CERT community, the R8000 router, firmware version 1.0.3.4_1.1.2, is also affected; other models may be affected as well.

Vulnerability overview:

Routers running the firmware versions above contain an arbitrary command injection vulnerability. If a user is lured into clicking through to a specially constructed malicious website, a remote unauthorized attacker can execute arbitrary commands with root privileges; an attacker inside the local area network can achieve a similar effect by sending the request directly, for example by accessing:

http:///cgi-bin/;COMMAND

For PoC details of the vulnerability, see: https://www.exploit-db.com/exploits/40889/

Solution:

There is no complete solution yet; users need to wait for Netgear to release a patch. However, some mitigation measures can be applied:

1. Disable the web service

http:///cgi-bin/;killall$IFS'httpd'

After this step, the router's web management interface is unavailable until the router is restarted.

2. Suspend use

CERT strongly recommends that users temporarily stop using the affected routers and wait for the official patch.

Routers, like CCTV cameras, DVRs and other devices, are part of the IoT and get exploited by attackers, who infect them with malicious programs so that they end up as part of a botnet. Recently a hacker going by the name BestBuy claimed to have taken control of 320 million home routers and to be pushing malicious firmware updates to them. Reportedly, even restarting these routers is useless; the botnet army is still there. Not long ago Deutsche Telekom suffered a hacker attack that knocked 90 million routers offline, and the fallout has still not ended. Is the development of the IoT the progress of the times, or the sorrow of the times?
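As an added example (not part of the original advisory or of CERT's bulletin), the following check scans web proxy or access logs for requests of the /cgi-bin/;COMMAND form described in the vulnerability overview. The common-log-format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined-format access or proxy log entry (assumed layout).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The advisory's request shape: a path under /cgi-bin/ whose next character is ';'.
# The optional scheme and host cover proxy logs that record absolute URLs.
INJECTION_RE = re.compile(r'^(?:https?://[^/]*)?/cgi-bin/;(?P<command>.*)$', re.IGNORECASE)


def find_injection(log_line):
    """Return the command text if the line matches the advisory's pattern, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    # Decode percent-escapes before matching so encoded and literal forms are treated alike.
    target = unquote(match.group("target"))
    hit = INJECTION_RE.match(target)
    if not hit:
        return None
    # $IFS stands in for a space in the advisory's mitigation URL; show it as one.
    return re.sub(r'\$\{?IFS\}?', ' ', hit.group("command"))


def scan(lines):
    """Return (line_number, source_address, command) for every matching line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        command = find_injection(line)
        if command is not None:
            findings.append((number, line.split(" ", 1)[0], command))
    return findings


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2016:10:00:01 +0000] "GET /start.htm HTTP/1.1" 200 512',
    '192.0.2.23 - - [13/Dec/2016:10:00:07 +0000] "GET /cgi-bin/;killall$IFS\'httpd\' HTTP/1.1" 200 0',
    '192.0.2.23 - - [13/Dec/2016:10:00:09 +0000] "GET /cgi-bin/%3Bkillall$IFS\'httpd\' HTTP/1.1" 200 0',
    '192.0.2.10 - - [13/Dec/2016:10:00:12 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, source, command in scan(SAMPLE_LOG):
        print(f"line {number}: {source} requested /cgi-bin/; with command text: {command}")
```

A hit whose source is a LAN client rather than an outside address is consistent with the malicious-website scenario, where the victim's own browser sends the request to the router.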