Netgear exploit turning routers into botnets
The cybersecurity firm Trustwave just disclosed an exploit they discovered that affects Netgear routers. They were able to find the same exploit worked in 31 different models from Netgear meaning it is highly likely that if you have Netgear you are vulnerable. The exploit let Trustwave to bypass the password and take all admin rights through a flaw in the password recovery system. The positive news is that unless remote management feature is enabled, the router cannot be exploited remotely. This option is disabled by default on most of Netgear devices. Otherwise the hacker would need physical access to the router to use this exploit. Netgear has responded quickly with a firmware update available from their website.
https://thenextweb.com/gadgets/2017/01/31/netgear-vulnerability-router-bypass/