Netgear confirmed 12 of its router models are vulnerable to device hijacking due to a remotely exploitable vulnerability.
The vulnerability allows Linux commands to be executed if they end up appended to the URL of a page the victim visits. The appended commands run with root privileges, and through them attackers can make the device do pretty much anything they want.
Router models confirmed to be affected are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, R8000, R6900, D6220, D6400, and D7000.
As a temporary solution, Netgear has also provided a beta version of the firmware release that will fix the flaw.
“This beta firmware has not been fully tested and might not work for all users,” the company said in a security advisory.
The company also advised all users to download the production (final) version of the firmware release as soon as it is made available.
The beta version of the firmware is currently available for the R6400, R7000, and R8000 models.
There is no mention of reports of the vulnerability being exploited.