Your router runs a “firmware,” which is essentially its operating system. Quite a few routers are actually built on top of Linux, and that means security vulnerabilities in the Linux kernel or related software, like the Shellshock bug in the Bash shell, could affect your router. Shellshock affected a number of routers, and we’ve also seen routers hacked and turned into botnets.
You should ensure your router is getting security updates, too. Depending on your router, you may have to do this by hand, set up automatic updates, or not do anything at all.
Automatic firmware update is fairly easy to do, and Netgear Technical Support suggests that you always use the automatic update first, as the chance of errors is lower with the automatic update than with a manual update. Do not close the browser or refresh the page during the update, as doing so can interrupt the update and can also damage your router.
The initial alert said that only Netgear R6400 and R7000 models were vulnerable, but users reported on Reddit that Netgear R8000 routers were also affected. Netgear acknowledged the issue over the weekend, and today expanded the list and issued firmware updates.
Netgear has released firmware updates for affected routers.
This time around, the bug can expose router login passwords and can be exploited remotely.
Here's a list of Netgear routers that are affected and where to get the firmware patches for each of them.
An attacker on the same local area network may do the same by issuing a direct request using the syntax COMMAND.
In either case, the attacker may execute commands with root privileges on the affected router.