Netgear lags on router fixes, despite Homeland Security warning

by Todd Haselton | December 14, 2016 10:30 am PDT


Netgear is finally fessing up that several of its routers are indeed highly vulnerable to attack. It’s starting to roll out fixes, but the company released a list of models that are still at risk. It’s something the company could have avoided, had it only listened to a security researcher named Andrew Rollins, who alerted the firm to the security issues as early as this past August, Wired said. Netgear ignored those warnings entirely.

As a result, Homeland Security and CERT said on Friday that folks who own any of the unpatched routers should just turn them off. “Exploiting these vulnerabilities is trivial,” CERT said. “Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.”

The routers are vulnerable to a simple phishing attack, it seems. “By convincing a user to visit a specially crafted web site, a remote unauthenticated attacker may execute arbitrary commands with root privileges on affected routers,” CERT explained. Again, this appears to be associated with the same warnings Netgear received from Rollins in August; it just decided not to do anything about the problem until now.

Netgear routers are still vulnerable

According to Wired, which spoke with Rollins, Netgear should have patched everything by now. “It’s making them look very incompetent,” Rollins said, noting that it’s very easy to apply the patches to each router. Instead, Netgear is fixing them one by one, with many still unpatched for the time being. You’d think a router company would have the right people on staff to get this fixed immediately. Maybe Rollins should submit his resume?

In any case, here’s a list of the routers that are affected, with asterisks next to the models that have software patches available (make sure you update!):

  • R6250*
  • R6400*
  • R6700*
  • R6900
  • R7000*
  • R7100LG*
  • R7300DST*
  • R7900*
  • R8000*
  • D6220
  • D6400
  • D7000