Netgear router owners, I hope you have a spare router—at least those of you with remotely exploitable models—since US-CERT recommended discontinuing use of router models that are vulnerable to arbitrary command injection.

Which models? Right now it looks like Netgear R7000, R6400 and R8000 routers, but there may be more. Should you really take this seriously and unplug your router? You betcha, since US-CERT said it is “trivial” to exploit this vulnerability. Visit a booby-trapped page, and whammo! An attacker would be saying hello to root privileges on your router.

An exploit was published on Exploit Database on Dec. 7. Netgear has yet to issue new firmware to patch the flaw in its vulnerable routers. There is a way to test if your router is vulnerable, and even a non-official temporary fix you can try if tossing out your router is not an option.

US-CERT advised discontinuing use of vulnerable routers

On Friday, Dec. 9, US-CERT (Computer Emergency Readiness Team) published a vulnerability advisory about Netgear routers R7000 and R6400. Since then, Reddit user noxlator said the R8000 is also vulnerable, and US-CERT updated the advisory to reflect that information.

US-CERT warned:

Netgear R7000, firmware version 126.96.36.199_1.1.93 and possibly earlier, and R6400, firmware version 188.8.131.52_1.0.4 and possibly earlier, contain an arbitrary command injection vulnerability. By convincing a user to visit a specially crafted website, a remote attacker may execute arbitrary commands with root privileges on affected routers.

…

This vulnerability has been confirmed in the R7000 and R6400 models. Community reports also indicate the R8000, firmware version 184.108.40.206_1.1.2, is vulnerable. Other models may also be affected.

In case you are wondering, that firmware for the R7000—Nighthawk AC1900 smart router—is the newest firmware available from Netgear. Here are Netgear’s links to the R8000—Nighthawk AC3200 tri-band gigabit router—and the R6400. Hopefully those—and any other vulnerable models—will soon be updated with less insecure firmware.

I know you don’t want to join the ranks of insecure router owners, since the devices are frequently abused, such as by Mirai malware, and added to IoT botnets to launch massive DDoS attacks. Since Netgear has released no fix and US-CERT currently does not have a solution to the problem, US-CERT advised: “Discontinue use.”

Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.

Test to see if your Netgear router is vulnerable

The command injection vulnerability was discovered by a Twitter user going by Acew0rm. He has since posted a video that explains how you can test to see if your Netgear router is remotely exploitable. You can also use his code on GitHub and hope you don’t see the message: “You have been pwned.”

You may have noticed that Acew0rm said he didn’t expect news of this vulnerability to grow so big. It seems like Netgear sure didn’t, since the company was told about the flaw four months ago. Let’s hope any official statement by the company doesn’t include insincere platitudes such as “your security is important to Netgear.”

Temporary fix

If you don’t have spare routers just lying around in case of an emergency such as your router potentially being pwned and added to an IoT botnet, then you might want to try a “temporary fix” provided by Bas.

Bas suggested:

1. (optional) Verify that your router is affected by going to this URL:

http://[router-address]/cgi-bin/;uname$IFS-a

If that shows you anything but an error (or an empty page), you’re affected.

2. Point your browser to the following URL to terminate the web server process (which facilitates the vulnerability) on your router:

http://[router-address]/cgi-bin/;killall$IFS'httpd'

3. (optional) Verify that the URL in step (1) is no longer accessible.

The temporary fix uses the vulnerability to stop the router’s web server, meaning you won’t be able to access router settings via your browser, yet the router will keep functioning. It’s nothing permanent, as a simple reboot will return your Netgear router to its old vulnerable state.
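The two URLs in the temporary fix show the shape of the attack traffic: a request whose path segment right after /cgi-bin/ begins with ";" and uses $IFS in place of spaces. Anyone running a web proxy or network IDS in front of these routers can look for exactly that shape in request logs. The script below is an added example written for this article, not code from the article, from Acew0rm, Bas or Netgear; it assumes request logs in Apache-style combined format (an assumption) and uses constructed sample lines. It goes slightly beyond the page's two URLs by also catching percent-encoded and double-encoded semicolons and the ${IFS} spelling, and it renders the injected string the way a shell would read it so an analyst can see at a glance what was attempted.

```python
"""Flag Netgear-style /cgi-bin/;command requests in HTTP request logs.

Added example for the article above (not the article's, Acew0rm's, Bas's or
Netgear's code). Assumes Apache-style combined-format request lines from a
proxy or IDS that sees LAN traffic to the router; log lines are constructed.
"""
import re
from urllib.parse import unquote

# client ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# The pattern from the advisory: the segment after /cgi-bin/ starts with ';',
# so whatever follows is handed to the router's root shell.
INJECT_RE = re.compile(r"/cgi-bin/;(?P<cmd>[^?]*)")

# Constructs used to build a shell command inside a URL without literal spaces.
META_RE = re.compile(r"\$\{?IFS\}?|[|`&]|\$\(")


def fully_decode(path, rounds=3):
    """Percent-decode repeatedly so %3B and %253B both end up as ';'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def render_command(cmd):
    """Show the injected string as the shell sees it: $IFS / ${IFS} become a space."""
    return re.sub(r"\$\{?IFS\}?", " ", cmd)


def classify_path(path):
    """Return (verdict, detail) for one request path.

    'injection'  : /cgi-bin/ followed directly by ';' (the advisory's pattern)
    'suspicious' : a /cgi-bin/ request carrying shell metacharacters elsewhere
    'benign'     : anything else
    """
    decoded = fully_decode(path)
    m = INJECT_RE.search(decoded)
    if m:
        return "injection", render_command(m.group("cmd"))
    if "/cgi-bin/" in decoded and META_RE.search(decoded):
        return "suspicious", decoded
    return "benign", decoded


def scan_log(lines):
    """Return one record per non-benign request, with the decoded command for triage."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        verdict, detail = classify_path(m.group("path"))
        if verdict != "benign":
            hits.append({"client": m.group("client"), "ts": m.group("ts"),
                         "status": m.group("status"), "verdict": verdict,
                         "detail": detail})
    return hits


# Constructed sample log: the two URLs from the article, an encoded variant,
# a normal page load and an unrelated CGI request with a pipe in its query.
SAMPLE_LOG = r"""
192.0.2.10 - - [09/Dec/2016:10:00:01 +0000] "GET /cgi-bin/;uname$IFS-a HTTP/1.1" 200 512
192.0.2.10 - - [09/Dec/2016:10:00:05 +0000] "GET /cgi-bin/;killall$IFS'httpd' HTTP/1.1" 200 0
192.0.2.11 - - [09/Dec/2016:10:01:00 +0000] "GET /cgi-bin/%3Bid HTTP/1.1" 404 0
192.0.2.12 - - [09/Dec/2016:10:02:00 +0000] "GET /index.htm HTTP/1.1" 200 2048
192.0.2.13 - - [09/Dec/2016:10:03:00 +0000] "GET /cgi-bin/status.cgi?id=1%7Cls HTTP/1.1" 200 100
""".strip().splitlines()


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']}  {hit['client']:<12} {hit['verdict']:<10} {hit['detail']}")
```

Running the script lists the three injection requests (rendered as "uname -a", "killall 'httpd'" and "id") plus one suspicious CGI request, and ignores the ordinary page load. Matching on the decoded path rather than the raw one is the important design choice: a literal-string rule for "/cgi-bin/;" would miss the %3B form even though the router decodes it before the CGI handler runs.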