R7500v1 URL Hijacking (Is it affected?)

BlankAlpha
Aspirant

Hi All,

I am currently away from my router, but has anyone tried to kill their web UX? (If you can do this, we are definitely vulnerable.)

http://[router-address]/cgi-bin/;killall$IFS’httpd’ (From LH: http://lifehacker.com/psa-several-netgear-routers-have-an-easily-exploitable-1790016543)

I plan on it this weekend. The other thread I saw got shut down by the Netgear Mods without actually providing any evidence.

If anyone has this router and would like to try this between now and tomorrow I would appreciate it.

If not I will come back and reply to this thread to let everyone know if we are affected.

Thanks,

Model: R7500|Nighthawk X4 AC2350 Smart WiFi Router
Message 1 of 5
BlankAlpha
Aspirant

Re: R7500v1 URL Hijacking (Is it affected?)

Also, I would probably change your IP address range to 10.110.XXX.XXX, as CSRF attacks would probably go after 192.168.0.1.

Message 2 of 5
mdgm-ntgr
NETGEAR Employee Retired

Re: R7500v1 URL Hijacking (Is it affected?)

It's not on the list of affected devices. My understanding is that QA has already checked this device and found that it is not affected.

It's important to note that all our testing is against the latest firmware. If you are running old firmware then you may be affected.

Message 3 of 5
BlankAlpha
Aspirant

Re: R7500v1 URL Hijacking (Is it affected?)

The R7500v1 is EOL (no longer receiving firmware updates). Will it receive an update if it is found to be affected?

Message 4 of 5
mdgm-ntgr
NETGEAR Employee Retired

Re: R7500v1 URL Hijacking (Is it affected?)

We found that it is not affected when we checked it.

EOL (End of Life) means that if we do any further firmware updates they are likely to only be for security fixes.

Message 5 of 5