A cybersecurity researcher found a Netgear Zero-Day vulnerability which allows full takeover of about 79 Netgear router models.
“The specific flaw exists within the httpd service, which listens on TCP Port 80 by default,” according to the ZDI report, which covers the bug’s presence in the R6700 series Netgear routers. “The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer.”
“This vulnerability affects firmwares as early as 2007 (WGT624v4, version 2.0.6),” he said in his post. “Given the large number of firmware images, manually finding the appropriate gadgets is infeasible. Rather, this is a good opportunity to automate gadget detection.”
Affected router models
According to Nichols, 79 Netgear router models and 758 firmware images contain the vulnerable HTTPD daemon.
A list of these affected models and firmware can be found in Nichols’ PoC exploit.
Below we can see the 79 router models that are affected:
Netgear has released some new firmware releases for newer models however these devices do not automatically update themselves. You will have to download the firmware from the website then log into your router and update the firmware.