NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R7000 Vulnerability Note VU#582384
It has been reported on various outlets that there is a vulnerability with the R7000 and R6400 routers. Please see https://www.kb.cert.org/vuls/id/582384 . The advisor reads "Exploiting this vulnera...
Hi All,
The Security Advisory for VU 582384 has been updated.
Also, for more information see the link below.
Just because you got an error message does not mean the command wasn't executed, you might not see the output of the command in the web browser.. I would check if any ports were openned by, for example, if your command ran telnetd then telnet to that port to see if it was open. I'm not about to do this on my router on purpose. I suspect if i did this, a reboot might close the port again as nothing was done to make telnetd start automatically on boot..
I tried both the ls and telnet commands. And both versions of the string on the exploit-db website (with and without the cgi-bin directory). The ls command did not execute in either case and no telnet port showed up in the Port-Routing or Services table. However, the behavior of the router was different depending on whether the exploit string included the cgi-bin directory: if the directory was included, then the router returned a "Resource Not Found" error; if not, then the admin password was requested.
I admittedly do not have the experience to reach any sort of conclusion regarding the differences in the router's behavior.
I only tested this because I only have one router and cannot realistically take it offline for days or weeks. Thus, at best, this is a risky work-around, not a solution.