Netgear R7000 and R6400 routers and possibly other models are vulnerable to arbitrary command injection.
An exploit leveraging this vulnerability has been publicly disclosed. By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers.
Exploiting this vulnerability is trivial. Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.