Experts have warned against using particular Netgear routers.

Carnegie Mellon University's Computer Emergency Response Team (CERT) has issued a warning to stop using routers with Netgear firmware version 1.0.7.2_1.1.93 and earlier, until a serious flaw is fixed.

The CERT says Netgear router models R6400, R7000, and R8000 are believed to be vulnerable to arbitrary command injection, and that other models could be affected by the flaw too.

The vulnerability lies in the routers' management interface and allows anyone to run arbitrary system commands with superuser privileges.

Attackers need only request a URL with a command string appended.

The CMU CERT says it is “currently unaware of a practical solution” for the issue, though it is possible to use the flaw to turn off the vulnerable web server in the affected routers using the command:

http://[IP-ADDRESS-ROUTER]/cgi-bin/;killall$IFS'httpd'

Netgear has not yet issued its own security advisory or firmware fix.
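
Until a fix is available, requests of the shape shown above can be flagged in HTTP logs. The following detection sketch is an added example, not code from CERT or Netgear; it assumes access-log lines in common log format captured by a proxy or sensor in front of the router, and the sample lines, addresses and the `status.cgi` path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not real traffic). The first target is the
# URL form quoted in the article; the second is the same path percent-encoded.
SAMPLE_LOG = r"""
192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /cgi-bin/;killall$IFS'httpd' HTTP/1.1" 200 0
192.0.2.11 - - [01/Jan/2000:10:00:02 +0000] "GET /cgi-bin/%3Bkillall%24IFS%27httpd%27 HTTP/1.1" 200 0
192.0.2.12 - - [01/Jan/2000:10:00:03 +0000] "GET /cgi-bin/status.cgi?a=1&b=2 HTTP/1.1" 200 512
192.0.2.13 - - [01/Jan/2000:10:00:04 +0000] "GET /index.htm HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Shell metacharacters that have no business in a path under /cgi-bin/.
SHELL_META = re.compile(r"[;|&`]|\$IFS|\$\(")
CGI_PREFIX = "/cgi-bin/"


def decode_path(path, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_suspicious(target):
    """True if the path component after /cgi-bin/ contains shell syntax."""
    # Drop the query string first so a legitimate '&' there is not flagged.
    path = decode_path(target.split("?", 1)[0])
    idx = path.find(CGI_PREFIX)
    if idx == -1:
        return False
    return bool(SHELL_META.search(path[idx + len(CGI_PREFIX):]))


def scan(log_text):
    """Return (client_ip, request_target) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append((line.split()[0], m.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"ALERT {ip} requested {target}")
```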