Netgear has issued firmware updates for select Wi-Fi router models that were affected by a remote code execution vulnerability discovered in mid-June. While there are dozens of SKUs potentially vulnerable attacks, more than half of the models will not get a fix as they are ‘outside of Netgear’s support window.’
As many as 79 Netgear home Wi-Fi router models (which are sometimes used in small offices too) are defenseless against both local and over the internet attacks that exploit their remote code execution vulnerability.
As it turns out, perpetrators can bypass the login process to get access to the router’s web server that runs the web-based administrative interface and take control of the device.
- Best wireless routers: the best Wi-Fi for your home network
- Wi-Fi 6 routers: the best Wi-Fi 6 routers you can buy
- Best mesh Wi-Fi routers: the best wireless mesh routers for large homes
Netgear router flaw
The security flaw was discovered by at least two security researchers over half of a year ago and Netgear was alerted about the vulnerability back in January. The findings were eventually published through Trend Micro’s Zero Day Initiative program in mid-June, months after Netgear was notified about the issue.
Netgear has issued new firmware that addresses the flaw for 34 out of 79 routers affected by the vulnerability. Meanwhile, Netgear has no plans to patch 45 models that were sold into the channel more than three years ago.
“Netgear has provided firmware updates with fixes for all supported products previously disclosed by ZDI and Grimm,” an official statement by Netgear reads. “The remaining products included in the published list are outside of our support window. In this specific instance, the parameters were based on the last sale date of the product into the channel, which was set at three years or longer.”
A number of Wi-Fi router models that will not be patched are ancient and were launched in 2007, but a few of the them support Wi-Fi 5 (802.11ac) and do not seem to be completely outdated at all. In fact, some are even available in retail.
The list of SKUs that will not be fixed includes the following models:
AC1450
D6300
DGN2200v1
DGN2200M
DGND3700v1
LG2200D
MBM621
MBR1200
MBR1515
MBR1516
MBR624GU
MBRN3000
MVBR1210C
R4500
R6200
R6200v2
R6300v1
R7300DST
WGR614v10
WGR614v8
WGR614v9
WGT624v4
WN2500RP
WN2500RPv2
WN3000RP
WN3000RPv2
WN3000RPv3
WN3100RP
WN3100RPv2
WN3500RP
WNCE3001
WNCE3001v2
WNDR3300v1
WNDR3300v2
WNDR3400v1
WNDR3400v2
WNDR3400v3
WNDR3700v3
WNDR4000
WNDR4500
WNDR4500v2
WNR3500v1
WNR3500Lv1
WNR3500v2
WNR834Bv2
Via: PC Gamer, Tom's Guide
