Originally posted on Worms and Viruses board, but posting here now, as it is a collection of mac networks.

My Netflix account has been compromised, we reset the password, and it was compromised again the next day. The person at Netflix is concerned that the hackers are able to view our emails or getting info from our home computer network.

Using Avast, the Home Network Security Scan, complains about my router: Netgear Nighthawk 1900 having Vulnerability ID:
CVE-2015-0932, which says “User input can be executed as a command”

Looking at the Netgear user community, there was a thread from last month showing that this is a false positive.

Using the Full System Scan, it found a JS:Includer-BOC[Trj] file in the firefox downloads of one of the users on one laptop in the home network. Another laptop on the network is scanning clean. The third laptop on the network does not have Avast yet, and I am working on that.

How concerned should I be about these issues Avast has reported?

If you lookup the CVE, you will see that it is not a false threat.

So what steps do I take with the CVE issue? Do I need a new router?

With routers the insecurity almost always comes through issues with the firmware.
First thing to do is checking if there is a newer version and if there is install it.

Firmware is already up to the latest version.

Does it still show up with the latest VPS? This false-positive should be AFAIK fixed.

The router Vulnerability is now gone. Thanks.

Download the latest firmware from your router manufacture, re flash it even if it is the same version. Then change your email password and change your Netflix password. Clear browser history and cookies after every password change. Do this all in one sitting. Is there another PC or computers on your network??? If so, first check those out for malware before you change everything.