Nearly all recent Netgear home routers have a serious flaw, allowing nefarious hackers to take control of a router and use it for denial of service attacks after the router's owner simply visits a malicious website.
Netgear believes that the R6200, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000 are subject to the "command injection" attack, and the company claims to be investigating the flaw. As the attack can remotely take place on the router itself just from visiting a malicious website, Apple owners with a Netgear router are still at risk.
"Exploiting these vulnerabilities is trivial" — CERT
Another researcher has discovered that the R7000P, R7500, R7800, R8500, and R9000 are also afflicted by the flaw.
The exploit was initially published on Dec. 9, and later revealed by CERT on Dec. 11. Netgear did not go public with the issue until Dec. 12.
The original discoverer of the exploit claims that he told Netgear about the problem on Aug. 25, contrary to a public statement by Netgear claiming that the company is being "pro-active, rather than re-active" to security issues.
"Exploiting these vulnerabilities is trivial," writes CERT. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available."
Identifying if you're affected
Users can test to see if their router is vulnerable to the flaw from within the router's network by entering the IP address of the router, generally 192.168.1.1 in the following format:
If the router reboots, then it is vulnerable to the flaw.
Rectifying the issue
The same flaw can be used to shut down the assailable web server. The fix lasts until the router restarts. After executing the command, the router's web administration tools are not available.
Netgear has released beta firmware for an assortment of routers afflicted by the issue, but not all of them. The company notes that "this beta firmware has not been fully tested and might not work for all users."
Apple may be getting out of the router game
Apple's AirPort series of routers is immune to this particular attack, however, updates may not be available for that much longer.
Near the end of November, reports started circulating that Apple may be exiting the Wi-Fi router business. Former AirPort engineers are now reportedly working on other teams, including Apple TV development.
The internal changes suggest that Apple has no plans to update its lineup of routers, including the AirPort Extreme, Time Capsule, and AirPort Express. Apple's portable AirPort Express has not even been updated to 802.11ac.
The AirPort Extreme and Time Capsule products are not currently being sold in some Apple Retail stores.