Monday, August 3, 2020

79 Netgear routers are at risk of hacking, but over half won’t be patched

Netgear has issued firmware updates for select Wi-Fi router models that were affected by a remote code execution vulnerability discovered in mid-June. While there are dozens of SKUs potentially vulnerable to attacks, more than half of the models will not get a fix as they are ‘outside of Netgear’s support window.’

As many as 79 Netgear home Wi-Fi router models (which are sometimes used in small offices too) are defenseless against both local and over-the-internet attacks that exploit their remote code execution vulnerability.

As it turns out, perpetrators can bypass the login process to get access to the router’s web server that runs the web-based administrative interface and take control of the device. 

Netgear router flaw

The security flaw was discovered by at least two security researchers over half a year ago, and Netgear was alerted about the vulnerability back in January. The findings were eventually published through Trend Micro’s Zero Day Initiative program in mid-June, months after Netgear was notified about the issue.

Netgear has issued new firmware that addresses the flaw for 34 out of 79 routers affected by the vulnerability. Meanwhile, Netgear has no plans to patch 45 models that were sold into the channel more than three years ago.  

“Netgear has provided firmware updates with fixes for all supported products previously disclosed by ZDI and Grimm,” an official statement by Netgear reads. “The remaining products included in the published list are outside of our support window. In this specific instance, the parameters were based on the last sale date of the product into the channel, which was set at three years or longer.” 

A number of Wi-Fi router models that will not be patched are ancient and were launched in 2007, but a few of them support Wi-Fi 5 (802.11ac) and do not seem to be completely outdated at all. In fact, some are even available in retail.

The list of SKUs that will not be fixed includes the following models: 

AC1450

D6300

DGN2200v1

DGN2200M

DGND3700v1

LG2200D

MBM621

MBR1200

MBR1515

MBR1516

MBR624GU

MBRN3000

MVBR1210C

R4500

R6200

R6200v2

R6300v1

R7300DST

WGR614v10

WGR614v8

WGR614v9

WGT624v4

WN2500RP

WN2500RPv2

WN3000RP

WN3000RPv2

WN3000RPv3

WN3100RP

WN3100RPv2

WN3500RP

WNCE3001

WNCE3001v2

WNDR3300v1

WNDR3300v2

WNDR3400v1

WNDR3400v2

WNDR3400v3

WNDR3700v3

WNDR4000

WNDR4500

WNDR4500v2

WNR3500v1

WNR3500Lv1

WNR3500v2

WNR834Bv2

Via: PC Gamer, Tom's Guide



from TechRadar - All the latest technology news https://ift.tt/31e85qA
