How to tell if your Netgear router is vulnerable to attack (updated)

You may well have heard that certain models of Netgear routers are vulnerable to outside attack, even though they have their external admin feature disabled.

Netgear has now confirmed that the affected models include: R6250, R6400, R6700, R6900, R7000, R7100LG, R7300DST, R7900, R8000, D6220, and D6400. Netgear believes that the following models are not vulnerable: D7000, R7000P, R7500, R7800, R8500, and R9000.

If you have another model and are unsure – as I was – whether that might be affected, there is a simple test which should reveal whether your router is vulnerable. In your browser, type the following as the web address to go to:
http://192.168.0.1/cgi-bin/;uname$IFS-a
where you replace the 192.168.0.1 with the (local) IP address of your router.

The response in your browser should be an error on an otherwise blank page. If anything else is shown instead, you should suspect that yours is vulnerable.

What should you do if your router is vulnerable? Netgear now provides release or beta firmware patches for all affected models from this support article.

If you believe that your Netgear router is still vulnerable and Netgear has not provided effective firmware to address this, you should contact Netgear support soonest.

Updated 19 December 2016.