Inside Russian Internet Retailer Ulmart's Fulfillment Center As Sales Top $1b
An employee organises a stock of Netgear Inc. internet routers. Andrey Rudakov—Bloomberg via Getty Images

Unplug Your Easily Hijacked Netgear Routers Pronto

Dec 12, 2016

Netgear has yet to fix a critical vulnerability uncovered by a hacker in several of its home Wi-Fi router models.

A security researcher using the online alias "Acew0rm" discovered the flaw, which allows attackers to gain complete control of affected routers with minimal effort. Last week, the researcher released the details of a simple exploit, or code that takes advantage of the vulnerability.

Acew0rm alerted Netgear to the problem on Aug. 25, but never heard back, the researcher told Fortune in a direct message on Twitter. So four months later, Acew0rm took the find public.

Netgear did not immediately reply to Fortune's request for comment.

"Exploiting this vulnerability is trivial," US-CERT, a cybersecurity unit within the Department of Homeland Security, warned in a bulletin on Friday. The note urged consumers to "strongly consider discontinuing use of affected devices until a fix is made available."

Get Data Sheet, Fortune’s technology newsletter.

To take over a Netgear customer's machine, an attacker must merely append commands, or computer instructions, to a URL being accessed by someone on an affected network. An attacker can do this by tricking a person into clicking on a malicious link or visiting a booby-trapped website that is running the exploit code.

Because the Netgear routers fail to filter out unauthorized commands, they easily succumb to an attacker's bidding. With the correct set of instructions—for instance, opening Telnet, a channel that admits remote logins on a certain router port—the device becomes compromised.

Netgear acknowledged the problem in a brief security advisory posted Sunday. The networking equipment maker pointed to three models that are possibly vulnerable: its R7000, R6400, and R8000 routers.

The problem may be more extensive than Netgear has let on, however. Another security researcher who goes by the alias "Kalypto Pink" warned in a separate post that additional models are also open to attack.

For more on hacking, watch:

"I have tested all models below, with the exception of the R9000, and have found them to be vulnerable," Kalypto said. The researcher listed the following routers.

  • NetGear AC1750-Smart WiFi Router (Model R6400)
  • NetGear AC1900-Nighthawk Smart WiFi Router (Model R7000)
  • NetGear AC2300-Nighthawk Smart WiFi Router with MU-MIMO (Model R7000P)
  • NetGear AC2350-Nighthawk X4 AC 2350 Dual Band WiFi Router (Model R7500)
  • NetGear AC2600-Nighthawk X4S Smart WiFi Gaming Router (Model R7800)
  • NetGear AC3200-Nighthawk AC3200 Tri-Band WiFi Router (Model R8000)
  • NetGear AC5300-AC5300 Nighthawk X8 Tri-Band WiFi Router (Model R8500)
  • NetGear AD7200-Nighthawk X10 Smart WiFi Router (R9000)

Some researchers have devised a temporary fix that involves exploiting the vulnerability itself. It's simple, though the simplest solution is simply to switch off your router until further notice.

Here's how the workaround works. You can block attacks simply by clicking on a version of the following link, http://[router-address]/cgi-bin/;killall$IFS'httpd', except replace "[router-address]" with your router's locally assigned IP address, as Bas van Shaick, a Dutch data scientist, noted on his personal blog. (For reference, here's a primer on determining your router's IP address.)

Clicking on that link will execute a command that disables the web server embedded in affected routers, preventing them from processing incoming commands without affecting their ability to connect to the Internet.

To see whether the workaround succeeded, simply click on a version of the following link, http://[router-address]/cgi-bin/;uname$IFS-a, except once again replace "[router-address]" with your router's locally assigned IP address. The accessed Web page should show a error or blank page, otherwise you can assume that the fix didn't work.

Be careful though, the workaround will last only so long as the router is not rebooted. Until the networking equipment maker pushes patches, its probably wisest for customers to unplug affected devices.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions