Security researchers Martin Rakhmanov from Trustwave conducted a one-year-study on the firmware running on Netgear routers and discovered vulnerabilities in a couple of dozen models. The flaws reside in the genie_restoring.cgi script used by the Netgear boxs built-in web server. The vulnerability can be triggered to extract files and passwords from its flash storage and to pull files from USB sticks plugged into the router. The attack works against any gateways with remote configuration access enabled.”]
Source: http://securityaffairs.co/wordpress/68883/hacking/netgear-router-flaws.html