NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
NightHawk X4S AC2600 Model R7800 VU#582384
I tried using the http://[router-address]/cgi-bin/;uname$IFS-a link to see if my computer was affected with the bug. And I got the number 0 on the screen. Which makes me wonder if my router is affect...
It's not one of the known affected models at this time. Please see the Security Advisory for VU 582384
You should keep an eye on that advisory for now as we are updating it regularly.
It's in top left corner.. It's the best picture I could get. I could send it thru imgur maybe it has a better image.
Anyways I sent a letter to the netgear secrutiy support email. waiting for a response. :)
All I can say is that the response you see is nothing like the screen I got when I tested my own vulnerable modem/router.
Unfortunately, I didn't grab the screen back then.
It would be useful is Netgear posted the sort of response expected from a vulnerable device. Then it wouldn't have to fend off a constant stream of similar queries.
Here is a message from a third party source that knows it stuff. This has more detail of what to expect when you test the device:
Netgear router remote control bug – what you need to know – Naked Security
That says:
Q. Can I test my own router?
Try visiting this URL:
http://routerlogin.net/cgi-bin/;uname
That should send a web request to the potentially vulnerable software component in your router.
If the exploit works, your router will run the command uname, a Unix utility that prints out the identity of the operating system, which is Linux on Netgear routers.
So, if you see a regular-looking error message, we think you are safe because your router didn’t run the unwanted command.
But if you see a web page including output that consists of the word Linux, you should assume the exploit worked because the command named in the URL ran.
Maybe Netgear can confirm this.
Sounds like I'm safe. As long I don't show Linux on it. So looks like the 0 is considered an error. :) Well time to set up the router then!
That's my understanding too.
Now that I think of it, when my modem was vulnerable it showed something like the UNIX string mentioned. Now it just blocks me.