Critical Bugs in Netgear Nighthawk Routers

Walden Systems Geeks Corner News Critical Bug in Netgear Nighthawk Routers Rutherford NJ New Jersey NYC New York City North Bergen County
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.

Netgear issued a warning about a critical remote code execution bug that could allow an unauthenticated hackers to take control of the Nighthawk router running firmware versions older than 1.0.2.68. The warnings also include two high-severity bugs affecting Nighthawk routers.

The vulnerability affects the company's consumer Nighthawk X4S Smart Wi-Fi Router. Netgear is urging customers to visit its online support page to download a patch for the bug. The same R7800 model router is also vulnerable to a high-severity post-authentication command injection flaw. This flaw exists in 29 other router models within the D6000, R6000, R7000, R8000, R9000 and XR500 family of Netgear hardware. Brands include 20 SKUs of the Wireless AC Router Nighthawk hardware, four of its Wireless AC Routers and four DSL Gateway AC devices.


Netgear has a history of patching command injection flaws going back to 2013. In 2013, researchers found a similar vulnerability in Netgear's WNDR3700v4 router that allowed a hacker to take control of the hardware. More recently, in 2018 researchers at Fortinet discovered that Netgear R8000 model router also had a post-authentication command injection flaw tied to its CGI Handler. Netgear is urging customers to visit its online support page and search by device model for the most recent firmware to update and patch their devices.