Description
Our scan found a vulnerability on your router. Your router contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.
Solution
Some of the vulnerabilities may be patched in new versions of the device firmware. Applying the latest firmware update may solve the issue. Routers typically do not perform automatic updates, so you need to manually download and install the appropriate patches on the device.
Consult your router's manual for instructions. If updated firmware is not available, contact your router's vendor or manufacturer to provide a firmware update as soon as possible.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.
Details
We have identified the following problem with your router:
NETGEAR router command injection vulnerability
Severity: Medium
Reference: Shell Shock Labs
Description:
This vulnerability allows a remote attacker to gain control of several NETGEAR routers and your Internet connection. If you have Remote/WAN Management enabled on your router, the attacker can remotely utilize specially crafted commands on your router, turn it into remote code execution, and access all important and private data stored in the router -- your router login/password combination, your Wi-Fi password, and your configuration data.
Impact:
Any device connected to your network -- including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network -- may have an increased risk of compromise.
Recommendation:
Aside from applying the firmware update that addresses the issue, this vulnerability can be mitigated by disabling Remote/WAN Management and allowing only trusted devices to access your local network.