NightHawk X4S AC2600 Model R7800 VU#582384

It still doesn't answer the question. Is the 0 in the page considered an error? Because if not, then it is affected as stated in many articles  using the http://[router-address]/cgi-bin/;uname$IFS-a  to check vulnerability of router. Saying it's not part of the affected list doesn't tell me if the 0 i'm getting on screen is an error. Hope this clearify the question I was asking. Thank you.

What you see looks like a blank page to me:

The accessed Web page should show a error or blank page, otherwise you can assume that the fix didn’t work.

That (with its grammar lapse) is from:

Netgear Router: Critical Unfixed Vulnerability Permits Hacker Takeover

It's in top left corner.. It's the best picture I could get. I could send it thru imgur maybe it has a better image.

http://imgur.com/a/TYEEQ

Anyways I sent a letter to the netgear secrutiy support email. waiting for a response. 🙂

It's not on the known list of affected devices but it would be advisable to keep monitoring the advisory page for now until our investigation is complete.

All I can say is that the response you see is nothing like the screen I got when I tested my own vulnerable modem/router.

Unfortunately, I didn't grab the screen back then.

It would be useful is Netgear posted the sort of response expected from a vulnerable device. Then it wouldn't have to fend off a constant stream of similar queries.

Here is a message from a third party source that knows it stuff. This has more detail of what to expect when you test the device:

Netgear router remote control bug – what you need to know – Naked Security

That says:

Q. Can I test my own router?
Try visiting this URL:
http://routerlogin.net/cgi-bin/;uname
That should send a web request to the potentially vulnerable software component in your router.
If the exploit works, your router will run the command uname, a Unix utility that prints out the identity of the operating system, which is Linux on Netgear routers.
So, if you see a regular-looking error message, we think you are safe because your router didn’t run the unwanted command.
But if you see a web page including output that consists of the word Linux, you should assume the exploit worked because the command named in the URL ran.

Maybe Netgear can confirm this.

---

@katedan19772001 wrote:

It still doesn't answer the question. Is the 0 in the page considered an error?

---

Try http://[router-address]/cgi-bin/;killall$IFS’httpd’  That will kill the web server in the router if you are vulnerable.  Then close the browser, open a new instance and try to reach the router web page. If you can't, then you are affected.  If you can, then you aren't.

If you are affected, you can power-cycle the router and the web page will come back.  Note that while the web server is killed the vulnerability can't be exploited, so the router is fully safe to use.  Though of course you can't change the settings, etc.

---

@StephenB wrote:

 If you are affected, you can power-cycle the router ...

 

---

I respond this time only to pass on a salutary anecdote from another conversation that came up here the other days.

"What does power cycle mean?" a user asked.

This reminded me how easy it is for some of us to lose sight of what people do and don't know.

I advised that it just means turn it off and then back on at the mains.

But was that correct? Is there a difference between that and using the switch on the back?

---

@michaelkenward wrote:

---

 

But was that correct? Is there a difference between that and using the switch on the back?

  

---

The goal in this case is just to get the router to reboot.  The switch on the back will do the job (and so will disconnecting/reconnecting the power).

Sounds like I'm safe. As long I don't show Linux on it. So looks like the 0 is considered an error. 🙂 Well time to set up the router then!

That's my understanding too.

Now that I think of it, when my modem was vulnerable it showed something like the UNIX string mentioned. Now it just blocks me.