The vulnerability here is trivial to exploit, so trivial in fact that you can test whether your router is vulnerable with a simple URL. While Netgear has released a tentative patch, this is so serious that the recommendation is to “pull the plug”. There is a work-around that is easy to implement but lasts only until your router reboots. Read the article, and then if your device is affected, read and apply the temporary fix. Remember you must reapply this “fix” every time your router boots. The vulnerability allows an attacker to execute arbitrary code on your router. This code could disable the router’s firewall, install a backdoor, or (most likely) install code to turn your router into a zombie that is part of a botnet. If your router were to be activated as part of a distributed denial of service (DDoS) attack, you would notice a degradation of your Internet service and would also be part of an illegal activity.
When Netgear issues a “permanent” fix, it will be a new version of the router firmware that you must download and apply. This process is easy so long as you follow instructions.
Netgear is normally my favorite brand of router, especially their business-grade devices. The vulnerable models are all home Wi-Fi routers. This is troubling. If you have one of the vulnerable routers, please let me know.
UPDATE: Netgear has released updated firmware for all of the affected routers. Read Netgear’s final response here.