In the HTTP server used in Netgear SOHO routers,
Because the firmware did not use protection mechanisms when working with the stack, such as setting
- D6300
- DGN2200
- EX6100
- R6250
- R6400
- R7000
- R8300
- R8500
- WGR614
- WGT624
- WN3000RP
- WNDR3300
- WNDR3400
- WNDR4000
- WNDR4500
- WNR834B
- WNR1000
- WNR2000
- WNR3500
- WNR3500L
Updates to fix the vulnerability have not yet been released (0-day), so users are advised to block access to the HTTP port of the device for requests from untrusted systems. Netgear was notified of the vulnerability on January 8, but did not release a firmware update by the agreed-upon 120-day disclosure deadline and requested an extension of the embargo. The researchers agreed to move the deadline to June 15, but at the end of May, Netgear representatives again asked to move the deadline, this time to the end of June, and that request was refused.
Source: opennet.ru