A number of routers made by Netgear are vulnerable to an arbitrary command injection flaw that can be triggered simply by a user visiting a web site.
At least eight different Netgear routers have been found to be affected by the glaring security flaw by researchers at Carnegie Mellon University - but more may be vulnerable.
Users of the affected devices have been advised to stop using them until a fix is published.
The vulnerability, VU #582384, came to light late on Friday. It has been confirmed by the US Computer Emergency Readiness Team (CERT) as affecting router models including R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000.
Netgear has said that other models may also be affected, although it is keen to emphasise that only those models listed are subject to the announcement. Netgear has confirmed that it is actively working on production firmware that plugs the vulnerability.
"While we are working on the production version of the firmware, we are providing a beta version of this firmware release," a spokesperson told V3.
"This beta firmware has not been fully tested and might not work for all users. Netgear is offering this beta firmware release as a temporary solution, but Netgear strongly recommends that all users download the production version of the firmware release as soon as it is available."
The beta firmware is available for the R6400, R7000 and R8000 only.
As a work-around, one security blogger has suggested that typing http://[router-address]/cgi-bin/;killall$IFS'httpd' into your browser will kill any processes that are causing the problem. This is not official advice, however.
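The work-around URL above shows the request shape involved: a path under /cgi-bin/ that continues with a semicolon and a shell command. The following is an added detection example, not code from Netgear, CERT or the blogger; the log layout, the sample lines and the rule of flagging every such path are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Shape taken from the work-around URL quoted in the article: a path under
# /cgi-bin/ whose next character is ';'. Flagging every such path is this
# example's assumption, not a vendor-published signature.
PREFIX = "/cgi-bin/;"
SHELL_TOKENS = re.compile(r"\$IFS|\$\{IFS\}|`|\$\(")

# Constructed proxy log (hypothetical layout): timestamp, client, method, URL.
SAMPLE_LOG = """\
2000-01-01T09:14:02Z 192.168.1.23 GET http://192.168.1.1/cgi-bin/;killall$IFS'httpd'
2000-01-01T09:14:05Z 192.168.1.23 GET http://192.168.1.1/start.htm
2000-01-01T09:15:40Z 192.168.1.40 GET http://192.168.1.1/cgi-bin/%3Bkillall%24IFS%27httpd%27
2000-01-01T09:16:11Z 192.168.1.40 GET http://example.com/cgi-bin/search?q=a;b
"""

def is_private(host):
    """True when the target is a literal private (LAN) IP address."""
    try:
        return ipaddress.ip_address(host or "").is_private
    except ValueError:
        return False

def classify(url):
    """Return None for an ordinary URL, else details of the suspicious path."""
    parts = urlsplit(url)
    path = unquote(parts.path)  # decode %3B, %24 ... before matching
    if not path.lower().startswith(PREFIX):
        return None
    payload = path[len(PREFIX):]
    return {"host": parts.hostname,
            "payload": payload,
            "shell_tokens": bool(SHELL_TOKENS.search(payload)),
            "lan_target": is_private(parts.hostname)}

def scan(log_text):
    """Yield (line number, client, details) for each flagged request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split(None, 3)
        if len(fields) == 4 and (hit := classify(fields[3])):
            hits.append((lineno, fields[1], hit))
    return hits

if __name__ == "__main__":
    for lineno, client, hit in scan(SAMPLE_LOG):
        print(lineno, client, hit)
```

A hit with `lan_target` set identifies a client on the network whose browser requested the router's address in this form, which is where to start looking for the page that caused it.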
CERT is advising customers to stop using the affected routers until there's a patch.
Although the newly launched Orbi triband system shares a lot in common with the routers listed, it is not thought to be affected.
In 2015, Netgear routers were found to be one of several brands affected by a drive-by DNS hopper vulnerability which had lain dormant for years.
The news comes just a week after routers issued by internet service provider (ISP) TalkTalk were found to be compromised in a new cyber attack.