It's been corrected.jay040 said:
FYI -
Netgear users advised to stop using affected routers after severe flaw found
An advisory posted on Friday in Carnegie Mellon University's public vulnerability database (CERT) said that Netgear's R7000and R6400 routers, running current and recent firmware respectively, are vulnerable to an arbitrary command injection flaw.
If exploited, the vulnerability could let an unauthenticated attacker run commands with root privileges.
The code to exploit the vulnerability -- effectively just a URL -- has been released publicly, allowing anyone to carry out attacks.
An attacker would have to trick a user into visiting a website that contains the code, such as an invisible web frame, to exploit the flaw. Adding commands to the router's IP address can open up ports on the router, such as Telnet.CERT advised users to "strongly consider discontinuing use" of the devices until a fix is made available.
The following products might be vulnerable:
- R7000
- R6400
- R8000
http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
