

New research has found that a wide variety of routers made by Netgear Inc. are highly susceptible to hacking.
The security issue, discovered by researchers at Carnegie Mellon University, allows remote attackers to inject highly privileged commands when anyone connected to a Netgear router clicks on a malicious link. Once exploited, the flaw allows hackers to inject a command to gain root access to the router and then execute commands by sending maliciously crafted requests for web files. They also can intercept all web traffic coming in and out, including login details, email addresses and card numbers.
Models affected include the R7000, R6400 and the R8000, with the R6250, R6700, R700LG, R7300 and R7900 also said to be vulnerable.
“Exploiting this vulnerability is trivial,” Carnegie Mellon’s Software Engineering Institute and the Computer Emergency Readiness Team said in a statement. “Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.”
Netgear has released a patch for the vulnerability, though only as beta firmware for the R6400, R7000 and R8000 routers, with a promise that beta firmware versions for some of the remaining models will be released this week. However, the release came with a warning:
“This beta firmware has not been fully tested and might not work for all users …. NETGEAR is offering this beta firmware release as a temporary solution, but NETGEAR strongly recommends that all users download the production version of the firmware release as soon as it is available.”
Alternatively, a temporary fix is available by exploiting the vulnerability itself to issue a command that turns off the router’s web server. This can be done by visiting http://[router_IP_address]/cgi-bin/;killall$IFS'httpd' in a browser connected to the router. But the fix only lasts as long as the router stays connected; the web server becomes active again with a reboot.
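As an added example (not part of the original article and not Netgear or CERT tooling), the Python code below flags logged requests to a router whose path matches the /cgi-bin/; pattern quoted above, and separates the published workaround from any other injected command. The "client method url" log format, the router address 192.168.1.1 and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample log lines ("client method url"); the format is an assumption.
SAMPLE_LOG = [
    "192.168.1.23 GET http://192.168.1.1/cgi-bin/;killall$IFS'httpd'",
    "192.168.1.40 GET http://192.168.1.1/cgi-bin/%3BCOMMAND",  # placeholder payload
    "192.168.1.40 GET http://192.168.1.1/index.htm",
    "192.168.1.51 GET http://example.com/cgi-bin/search?q=a;b",
]

ROUTERS = frozenset({"192.168.1.1"})   # assumed router address(es) on this LAN
INJECTED = re.compile(r"^/cgi-bin/;(?P<cmd>.*)$", re.DOTALL)
WORKAROUND = "killall httpd"           # the temporary fix described in the article


def normalise(cmd):
    """Replace $IFS with a space and drop quotes so commands compare as text."""
    cmd = cmd.replace("$IFS", " ")
    cmd = re.sub(r"['\"\u2018\u2019]", "", cmd)
    return re.sub(r"\s+", " ", cmd).strip()


def classify(line, routers=ROUTERS):
    """Return (client, command, verdict) for an injection-style request, else None."""
    client, _method, url = line.split(maxsplit=2)
    parts = urlsplit(url)
    if parts.hostname not in routers:
        return None
    # Decode percent-escapes first so "%3B" is treated the same as ";".
    match = INJECTED.match(unquote(parts.path))
    if not match:
        return None
    cmd = normalise(match.group("cmd"))
    verdict = "workaround" if cmd == WORKAROUND else "investigate"
    return (client, cmd, verdict)


def scan(lines):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for client, cmd, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:11} {client:15} {cmd}")
```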